Re: [ovirt-devel] [ovirt-users] please test and give karma to novnc on epel6

2015-02-03 Thread Sandro Bonazzola 
Il 03/02/2015 18:03, Gianluca Cecchi ha scritto:
> On Tue, Feb 3, 2015 at 2:35 PM, Sandro Bonazzola  > wrote:
> 
> 
> >
> > Any particular log to check?
> > When I click console button in user portal I get this on engine.log
> 
> Adding some people that may know the answer.
> 
> 
> Hello I found the answer here.. I have to acquire certificate also on 6100 
> port, not only on 6100... donna exactly the reason but it works as was in
> this thread:
> http://lists.ovirt.org/pipermail/users/2014-November/029169.html
> 
> Now I can get the novnc desktop console and so can go to test the new novnc 
> package indicated in your first link.
> What does it give more than current, to check against?

It shouldn't give anything more, it should just work as the previous one

> 
> I see that I have the novnc package installed only on engine, is this correct?
> Now I have novnc-0.4-7.el6.noarch on engine.

Yes, it's correct

> 
> Gianluca


-- 
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
___
Devel mailing list
Devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/devel

Re: [ovirt-devel] [ovirt-users] please test and give karma to novnc on epel6

2015-02-03 Thread Gianluca Cecchi 
On Tue, Feb 3, 2015 at 6:03 PM, Gianluca Cecchi 
wrote:

> On Tue, Feb 3, 2015 at 2:35 PM, Sandro Bonazzola 
> wrote:
>
>>
>> >
>> > Any particular log to check?
>> > When I click console button in user portal I get this on engine.log
>>
>> Adding some people that may know the answer.
>>
>>
> Hello I found the answer here.. I have to acquire certificate also on 6100
> port, not only on 6100... donna exactly the reason but it works as was in
> this thread:
> http://lists.ovirt.org/pipermail/users/2014-November/029169.html
>
> Now I can get the novnc desktop console and so can go to test the new
> novnc package indicated in your first link.
> What does it give more than current, to check against?
>
> I see that I have the novnc package installed only on engine, is this
> correct?
> Now I have novnc-0.4-7.el6.noarch on engine.
>
> Gianluca
>

Correct phrase:
Hello I found the answer here.. I have to acquire certificate also on 6100
port, not only on 443.
___
Devel mailing list
Devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/devel

Re: [ovirt-devel] [ovirt-users] please test and give karma to novnc on epel6

2015-02-03 Thread Gianluca Cecchi 
On Tue, Feb 3, 2015 at 2:35 PM, Sandro Bonazzola 
wrote:

>
> >
> > Any particular log to check?
> > When I click console button in user portal I get this on engine.log
>
> Adding some people that may know the answer.
>
>
Hello I found the answer here.. I have to acquire certificate also on 6100
port, not only on 6100... donna exactly the reason but it works as was in
this thread:
http://lists.ovirt.org/pipermail/users/2014-November/029169.html

Now I can get the novnc desktop console and so can go to test the new novnc
package indicated in your first link.
What does it give more than current, to check against?

I see that I have the novnc package installed only on engine, is this
correct?
Now I have novnc-0.4-7.el6.noarch on engine.

Gianluca
___
Devel mailing list
Devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/devel

Re: [ovirt-devel] [ovirt-users] please test and give karma to novnc on epel6

2015-02-03 Thread Sandro Bonazzola 
Il 03/02/2015 14:27, Gianluca Cecchi ha scritto:
> On Tue, Feb 3, 2015 at 1:04 PM, Sandro Bonazzola  > wrote:
> 
> 
> 
> Have you imported the CA in your browser?
> You can download the certificate authority by navigating 'https:// engine address>/ca.crt'.
> 
> 
> Yes I already imported it, see this screenshot:
> https://drive.google.com/file/d/0BwoPbcrMv8mvblp5amdoQmFaX1E/view?usp=sharing
> 
> In fact if I try to go to ca.crt page again from firefox I receive the 
> message (translated from italian):
> This certificate results already installed as a certificate of a 
> certification authority
> 
> Any particular log to check?
> When I click console button in user portal I get this on engine.log

Adding some people that may know the answer.


> 
> 2015-02-03 14:20:10,125 INFO  [org.ovirt.engine.core.bll.SetVmTicketCommand] 
> (ajp--127.0.0.1-8702-5) [65265ef3] Running command: SetVmTicketCommand
> internal: false. Entities affected :  ID: 
> 168470b1-b7eb-4dab-8fa4-6b744e2ad738 Type: VMAction group CONNECT_TO_VM with 
> role type USER
> 2015-02-03 14:20:10,130 INFO  
> [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] 
> (ajp--127.0.0.1-8702-5) [65265ef3] START,
> SetVmTicketVDSCommand(HostName = ovnode04, HostId = 
> 36fec87b-c21f-4157-ab2f-434b67c05cb9, 
> vmId=168470b1-b7eb-4dab-8fa4-6b744e2ad738,
> ticket=foy2cb1NuPds, validTime=120,m userName=ovadmin, 
> userId=92fa8316-45ac-47bb-9bbd-be80709bf888), log id: 6da35818
> 2015-02-03 14:20:10,189 INFO  
> [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] 
> (ajp--127.0.0.1-8702-5) [65265ef3] FINISH,
> SetVmTicketVDSCommand, log id: 6da35818
> 2015-02-03 14:20:10,233 INFO  
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] 
> (ajp--127.0.0.1-8702-5) [65265ef3] Correlation
> ID: 65265ef3, Call Stack: null, Custom Event ID: -1, Message: user 
> ovadmin@ldap1 initiated console session for VM ubuntutrusty
> 
> and in ssl_access _log of engine:
> 
> 192.168.1.128 - - [03/Feb/2015:14:20:10 +0100] "POST 
> /ovirt-engine/userportal/GenericApiGWTService HTTP/1.1" 200 3389
> 192.168.1.128 - - [03/Feb/2015:14:20:10 +0100] "POST 
> /ovirt-engine/userportal/GenericApiGWTService HTTP/1.1" 200 315
> 192.168.1.128 - - [03/Feb/2015:14:20:10 +0100] "POST 
> /ovirt-engine/userportal/GenericApiGWTService HTTP/1.1" 200 4060
> 192.168.1.128 - - [03/Feb/2015:14:20:14 +0100] "GET 
> /ovirt-engine/services/novnc-main.html?host=ovirtmgr.localdomain.local&port=6100
>  HTTP/1.1" 304 -
> 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET 
> /ovirt-engine/services/files/novnc/include/vnc.js HTTP/1.1" 304 -
> 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET 
> /ovirt-engine/services/files/novnc/include/base.css HTTP/1.1" 304 -
> 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET 
> /ovirt-engine/services/files/novnc/include/util.js HTTP/1.1" 304 -
> 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET 
> /ovirt-engine/services/files/novnc/include/webutil.js HTTP/1.1" 304 -
> 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET 
> /ovirt-engine/services/files/novnc/include/base64.js HTTP/1.1" 304 -
> 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET 
> /ovirt-engine/services/files/novnc/include/des.js HTTP/1.1" 304 -
> 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET 
> /ovirt-engine/services/files/novnc/include/websock.js HTTP/1.1" 304 -
> 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET 
> /ovirt-engine/services/files/novnc/include/input.js HTTP/1.1" 304 -
> 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET 
> /ovirt-engine/services/files/novnc/include/display.js HTTP/1.1" 304 -
> 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET 
> /ovirt-engine/services/files/novnc/include/rfb.js HTTP/1.1" 304 -
> 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET 
> /ovirt-engine/services/files/novnc/include/jsunzip.js HTTP/1.1" 304 -
> 
> 
> and in ssl_request_log:
> [03/Feb/2015:14:20:10 +0100] 192.168.1.128 TLSv1.2 
> ECDHE-RSA-AES128-GCM-SHA256 "POST /ovirt-engine/userportal/GenericA
> piGWTService HTTP/1.1" 3389
> [03/Feb/2015:14:20:10 +0100] 192.168.1.128 TLSv1.2 
> ECDHE-RSA-AES128-GCM-SHA256 "POST /ovirt-engine/userportal/GenericA
> piGWTService HTTP/1.1" 315
> [03/Feb/2015:14:20:10 +0100] 192.168.1.128 TLSv1.2 
> ECDHE-RSA-AES128-GCM-SHA256 "POST /ovirt-engine/userportal/GenericA
> piGWTService HTTP/1.1" 4060
> [03/Feb/2015:14:20:14 +0100] 192.168.1.128 TLSv1.2 
> ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/novnc-main.
> html?host=ovirtmgr.localdomain.local&port=6100 HTTP/1.1" -
> [03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 
> ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc
> /include/vnc.js HTTP/1.1" -
> [03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 
> ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc
> /include/base.css HTTP/1.1" -
> [03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 
> ECDHE-RSA-AES128-GCM-SHA256 "GET /ovi

Re: [ovirt-devel] [ovirt-users] please test and give karma to novnc on epel6

2015-02-03 Thread Gianluca Cecchi 
On Tue, Feb 3, 2015 at 1:04 PM, Sandro Bonazzola 
wrote:

>
>
> Have you imported the CA in your browser?
> You can download the certificate authority by navigating 'https:// engine address>/ca.crt'.
>
>
Yes I already imported it, see this screenshot:
https://drive.google.com/file/d/0BwoPbcrMv8mvblp5amdoQmFaX1E/view?usp=sharing

In fact if I try to go to ca.crt page again from firefox I receive the
message (translated from italian):
This certificate results already installed as a certificate of a
certification authority

Any particular log to check?
When I click console button in user portal I get this on engine.log

2015-02-03 14:20:10,125 INFO
 [org.ovirt.engine.core.bll.SetVmTicketCommand] (ajp--127.0.0.1-8702-5)
[65265ef3] Running command: SetVmTicketCommand internal: false. Entities
affected :  ID: 168470b1-b7eb-4dab-8fa4-6b744e2ad738 Type: VMAction group
CONNECT_TO_VM with role type USER
2015-02-03 14:20:10,130 INFO
 [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand]
(ajp--127.0.0.1-8702-5) [65265ef3] START, SetVmTicketVDSCommand(HostName =
ovnode04, HostId = 36fec87b-c21f-4157-ab2f-434b67c05cb9,
vmId=168470b1-b7eb-4dab-8fa4-6b744e2ad738, ticket=foy2cb1NuPds,
validTime=120,m userName=ovadmin,
userId=92fa8316-45ac-47bb-9bbd-be80709bf888), log id: 6da35818
2015-02-03 14:20:10,189 INFO
 [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand]
(ajp--127.0.0.1-8702-5) [65265ef3] FINISH, SetVmTicketVDSCommand, log id:
6da35818
2015-02-03 14:20:10,233 INFO
 [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-5) [65265ef3] Correlation ID: 65265ef3, Call Stack:
null, Custom Event ID: -1, Message: user ovadmin@ldap1 initiated console
session for VM ubuntutrusty

and in ssl_access _log of engine:

192.168.1.128 - - [03/Feb/2015:14:20:10 +0100] "POST
/ovirt-engine/userportal/GenericApiGWTService HTTP/1.1" 200 3389
192.168.1.128 - - [03/Feb/2015:14:20:10 +0100] "POST
/ovirt-engine/userportal/GenericApiGWTService HTTP/1.1" 200 315
192.168.1.128 - - [03/Feb/2015:14:20:10 +0100] "POST
/ovirt-engine/userportal/GenericApiGWTService HTTP/1.1" 200 4060
192.168.1.128 - - [03/Feb/2015:14:20:14 +0100] "GET
/ovirt-engine/services/novnc-main.html?host=ovirtmgr.localdomain.local&port=6100
HTTP/1.1" 304 -
192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET
/ovirt-engine/services/files/novnc/include/vnc.js HTTP/1.1" 304 -
192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET
/ovirt-engine/services/files/novnc/include/base.css HTTP/1.1" 304 -
192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET
/ovirt-engine/services/files/novnc/include/util.js HTTP/1.1" 304 -
192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET
/ovirt-engine/services/files/novnc/include/webutil.js HTTP/1.1" 304 -
192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET
/ovirt-engine/services/files/novnc/include/base64.js HTTP/1.1" 304 -
192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET
/ovirt-engine/services/files/novnc/include/des.js HTTP/1.1" 304 -
192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET
/ovirt-engine/services/files/novnc/include/websock.js HTTP/1.1" 304 -
192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET
/ovirt-engine/services/files/novnc/include/input.js HTTP/1.1" 304 -
192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET
/ovirt-engine/services/files/novnc/include/display.js HTTP/1.1" 304 -
192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET
/ovirt-engine/services/files/novnc/include/rfb.js HTTP/1.1" 304 -
192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET
/ovirt-engine/services/files/novnc/include/jsunzip.js HTTP/1.1" 304 -


and in ssl_request_log:
[03/Feb/2015:14:20:10 +0100] 192.168.1.128 TLSv1.2
ECDHE-RSA-AES128-GCM-SHA256 "POST /ovirt-engine/userportal/GenericA
piGWTService HTTP/1.1" 3389
[03/Feb/2015:14:20:10 +0100] 192.168.1.128 TLSv1.2
ECDHE-RSA-AES128-GCM-SHA256 "POST /ovirt-engine/userportal/GenericA
piGWTService HTTP/1.1" 315
[03/Feb/2015:14:20:10 +0100] 192.168.1.128 TLSv1.2
ECDHE-RSA-AES128-GCM-SHA256 "POST /ovirt-engine/userportal/GenericA
piGWTService HTTP/1.1" 4060
[03/Feb/2015:14:20:14 +0100] 192.168.1.128 TLSv1.2
ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/novnc-main.
html?host=ovirtmgr.localdomain.local&port=6100 HTTP/1.1" -
[03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2
ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc
/include/vnc.js HTTP/1.1" -
[03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2
ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc
/include/base.css HTTP/1.1" -
[03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2
ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc
/include/util.js HTTP/1.1" -
[03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2
ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc
/include/webutil.js HTTP/1.1" -
[03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2
ECDHE-RSA-AES128-GCM-SHA256 "GET
/ovirt-engine/services/files/novnc/include/base64.js HTTP/1.1" -
[

Re: [ovirt-devel] [ovirt-users] please test and give karma to novnc on epel6

2015-02-03 Thread Sandro Bonazzola 
Il 03/02/2015 12:09, Gianluca Cecchi ha scritto:
> On Mon, Feb 2, 2015 at 1:26 PM, Sandro Bonazzola  > wrote:
> 
> Hi,
> a new package restoring novnc on epel6 has been pushed:
> https://admin.fedoraproject.org/updates/novnc-0.4-9.el6
> 
> Please help testing and giving karma.
> Thanks,
> --
> Sandro Bonazzola
> Better technology. Faster innovation. Powered by community collaboration.
> See how it works at redhat.com 
> ___
> Users mailing list
> us...@ovirt.org 
> http://lists.ovirt.org/mailman/listinfo/users
> 
> 
> 
> hello,
> I'm currently on 3.5.1.1 with myengine and both engine and another system 
> configured as host are 6.6 + updates
> (host has 3.5.1 packages too)
> I have an ubuntu vm configured with vnc console.
> From user portal I select novnc and open console and I get 
> Server disconnected (code: 1006)

Have you imported the CA in your browser?
You can download the certificate authority by navigating 'https:///ca.crt'.


> 
> (that seems the error when websocket proxy is not configured as in
> https://access.redhat.com/solutions/718653
> )
> 
> Is this the problem we are trying to address? Or is anything wrong at first 
> step in configuring?
> I have not updated novnc package yet.

No, the issue here is that novnc was orphaned in epel6 and we built a custom 
novnc within ovirt for having it back.
Now someone took maintainership of novnc within epel6 and in order to get it 
back the package must have enough karma.
That's why test is requested.



> 
> My current setup for test:
> 
> On engine
> [root@ovirtmgr ~]# engine-config -g WebSocketProxy
> WebSocketProxy: ovirtmgr.localdomain.local:6100 version: general
> 
> [root@ovirtmgr ~]# service ovirt-websocket-proxy status
> ovirt-websocket-proxy (pid  10848) is running...
> 
> [root@ovirtmgr ~]# lsof -Pp 10848|grep TCP
> ovirt-web 10848 ovirt5u  IPv4  51868  0t0 TCP *:6100 
> (LISTEN)
> 
> 
> [root@ovirtmgr ~]# iptables -L -n | egrep "Chain|6100"
> Chain INPUT (policy ACCEPT)
> ACCEPT tcp  --  0.0.0.0/0 0.0.0.0/0 
>    state NEW tcp dpt:6100
> Chain FORWARD (policy ACCEPT)
> Chain OUTPUT (policy ACCEPT)
> 
> The client is windows 7 with firefox 35.0.1
> and I correctly imported the certificate of ovirtmgr.
> 
> So let me know if I'm in the point to apply the novnc patch and test it or if 
> it is supposed I fix my 1006 error before.
> Also, the novnc package I think I have to install it on hypervisor, correct?
> Gianluca


-- 
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
___
Devel mailing list
Devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/devel

Re: [ovirt-devel] [ovirt-users] please test and give karma to novnc on epel6

2015-02-03 Thread Gianluca Cecchi 
On Mon, Feb 2, 2015 at 1:26 PM, Sandro Bonazzola 
wrote:

> Hi,
> a new package restoring novnc on epel6 has been pushed:
> https://admin.fedoraproject.org/updates/novnc-0.4-9.el6
>
> Please help testing and giving karma.
> Thanks,
> --
> Sandro Bonazzola
> Better technology. Faster innovation. Powered by community collaboration.
> See how it works at redhat.com
> ___
> Users mailing list
> us...@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>


hello,
I'm currently on 3.5.1.1 with myengine and both engine and another system
configured as host are 6.6 + updates
(host has 3.5.1 packages too)
I have an ubuntu vm configured with vnc console.
>From user portal I select novnc and open console and I get
Server disconnected (code: 1006)

(that seems the error when websocket proxy is not configured as in
https://access.redhat.com/solutions/718653
)

Is this the problem we are trying to address? Or is anything wrong at first
step in configuring?
I have not updated novnc package yet.

My current setup for test:

On engine
[root@ovirtmgr ~]# engine-config -g WebSocketProxy
WebSocketProxy: ovirtmgr.localdomain.local:6100 version: general

[root@ovirtmgr ~]# service ovirt-websocket-proxy status
ovirt-websocket-proxy (pid  10848) is running...

[root@ovirtmgr ~]# lsof -Pp 10848|grep TCP
ovirt-web 10848 ovirt5u  IPv4  51868  0t0 TCP
*:6100 (LISTEN)


[root@ovirtmgr ~]# iptables -L -n | egrep "Chain|6100"
Chain INPUT (policy ACCEPT)
ACCEPT tcp  --  0.0.0.0/00.0.0.0/0   state NEW tcp
dpt:6100
Chain FORWARD (policy ACCEPT)
Chain OUTPUT (policy ACCEPT)

The client is windows 7 with firefox 35.0.1
and I correctly imported the certificate of ovirtmgr.

So let me know if I'm in the point to apply the novnc patch and test it or
if it is supposed I fix my 1006 error before.
Also, the novnc package I think I have to install it on hypervisor, correct?
Gianluca
___
Devel mailing list
Devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/devel