[ovirt-users] Re: access engine by http

2019-02-16 Thread du_hon...@yeah.net 
I do not want custemer to add self-signed certificate. I only want to visit 
ovirt-engine with http.  I try more attempts but not success, 

I hope you can help me. thanks


Regards
Hongyu Du
 
From: Greg Sheremeta
Date: 2019-02-15 23:28
To: du_hon...@yeah.net
CC: users; Ravi Shankar Nori
Subject: Re: [ovirt-users] Re: access engine by http
I agree with Ravi.

If your use case is that you just don't want to be nagged by the browser about 
your self-signed certificate, why not just import the CA into your browser?
Like this: 
https://www.ovirt.org/documentation/intro-vm-portal/What_is_the_VM_Portal.html#installing-the-ca-certificate

On Fri, Feb 15, 2019 at 9:21 AM Ravi Shankar Nori  wrote:
I am not sure we can do what you are asking for. A lot of stuff is not going to 
work. AFAIK you will need a dedicated machine to run ovirt engine on the 
default ports.

On Thu, Feb 14, 2019 at 10:29 PM du_hon...@yeah.net  wrote:
hi Ravi
 sorry, I do not understand when I visit http:192.168.122.176:80/ovirt-engine 
still redirect to https:192.168.122.176:443/ovirt-engine, I already fix 
sso_clients table;
who redirect http to https??
 thanks

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/X6AND4SAJ4SWQ54K2OPGY75OMHU5DW4L/

[ovirt-users] Re: access engine by http

2019-02-16 Thread du_hon...@yeah.net 
thanks Ravi, can I visit engine that is installed by RPM with http? I strongly 
want to visit ovirt engine with http. and ovirt-engine is installed RPM.   
  is this solution available?



Regards
Hongyu Du
 
From: Ravi Shankar Nori
Date: 2019-02-15 22:15
To: du_hon...@yeah.net
CC: users
Subject: Re: [ovirt-users] Re: access engine by http
I am not sure we can do what you are asking for. A lot of stuff is not going to 
work. AFAIK you will need a dedicated machine to run ovirt engine on the 
default ports.

On Thu, Feb 14, 2019 at 10:29 PM du_hon...@yeah.net  wrote:
hi Ravi
 sorry, I do not understand when I visit http:192.168.122.176:80/ovirt-engine 
still redirect to https:192.168.122.176:443/ovirt-engine, I already fix 
sso_clients table;
who redirect http to https??
 thanks

engine=# select * from sso_clients
engine-# ;
 id | client_id  |  

client_secret 

  | callback_prefix |   
   certificate_location   
   |notification_callback|
description | email |   

 scope  

  
| trusted | notification_callback_protocol | 
notification_callback_verify_host | notification_callback_verify_chain 
++
--+-+-
---+-++---+---
--
+-++---+
  1 | ovirt-engine-core  | 
eyJhcnRpZmFjdCI6IkVudmVsb3BlUEJFIiwic2FsdCI6ImRSc3Y1bnNCR2F0b3M1WTNNOHhiQktGaDlSbEd4SnpjWWxmdzY3NmNUaFk9Iiwic2VjcmV0IjoicE5RM2E0TXQ2aU40MU5YVVY3R0ZMZjcvVnZBMWlWWnN
oOE1ERXozQkIwZz0iLCJ2ZXJzaW9uIjoiMSIsIml0ZXJhdGlvbnMiOiI0MDAwIiwiYWxnb3JpdGhtIjoiUEJLREYyV2l0aEhtYWNTSEExIn0=
 | http://192.168.122.176:80/ovirt-engine/ | 
/etc/pki/ovirt-engine/certs/engine.c
er | http:/192.168.122.176:80/ovirt-engine/services/sso-callback | oVirt Engine 
  |   | openid ovirt-app-portal ovirt-app-admin ovirt-app-api 
ovirt-ext=auth:identity ovirt-ext=token:
password-access ovirt-ext=auth:sequence-priority 
ovirt-ext=token:login-on-behalf ovirt-ext=token-info:authz-search 
ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate ovir
t-ext=revoke:revoke-all | t   | TLS| f  
   | t
  2 | ovirt-provider-ovn | 
eyJhcnRpZmFjdCI6IkVudmVsb3BlUEJFIiwic2FsdCI6Ikh0Zlp5eFJEUXB2RmVaOTJCeU83NUxISXR3Uk9Nd05YUWYzd2wyS2lvSkE9Iiwic2VjcmV0IjoiOVlMZldRSHRiZDdBbVVQdnRNcTgwdndzWG8xMzN6a1V
5WXN2dEJxVEttWT0iLCJ2ZXJzaW9uIjoiMSIsIml0ZXJhdGlvbnMiOiI0MDAwIiwiYWxnb3JpdGhtIjoiUEJLREYyV2l0aEhtYWNTSEExIn0=
 | http://192.168.122.176:80/ovirt-engine/ | 
/etc/pki/ovirt-engine/certs/engine.c
er | http:/192.168.122.176:80/ovirt-engine/services/sso-callback | 
ovirt-provider-ovn |   | ovirt-app-api ovirt-ext=token-info:validate 
ovirt-ext=token-info:public-authz-search  


  
| t   | TLS| f  
   | t
(2 rows)



Regards
Hongyu Du
 
From: du_hon...@yeah.net
Date: 2019-02-14 23:32
To: Ravi Nori
CC: users
Subject: [ovirt-users] Re: access engine by http
thanks Ravi, because  my engine certification is signed by myself, when I visit 
my ovirt-engine by browser,  browser need add security exception, so I want to 
engine by http.

I realise /etc/httpd/conf.d/z-ovirt-engine-proxy.conf redirect /ovirt-engine to 
127.0.0.1:8702  , but I do not know how to  redirect https , I do not find some 
redirect https info.

I fix "ProxyPassMatch ajp://127.0.0.1:8702 timeout=3600 re

[ovirt-users] Re: access engine by http

2019-02-15 Thread Greg Sheremeta 
I agree with Ravi.

If your use case is that you just don't want to be nagged by the browser
about your self-signed certificate, why not just import the CA into your
browser?
Like this:
https://www.ovirt.org/documentation/intro-vm-portal/What_is_the_VM_Portal.html#installing-the-ca-certificate

On Fri, Feb 15, 2019 at 9:21 AM Ravi Shankar Nori  wrote:

> I am not sure we can do what you are asking for. A lot of stuff is not
> going to work. AFAIK you will need a dedicated machine to run ovirt engine
> on the default ports.
>
> On Thu, Feb 14, 2019 at 10:29 PM du_hon...@yeah.net 
> wrote:
>
>> hi Ravi
>>  sorry, I do not understand when I visit http:
>> 192.168.122.176:80/ovirt-engine still redirect to https:
>> 192.168.122.176:443/ovirt-engine, I already fix sso_clients table;
>> who redirect http to https??
>>  thanks
>>
>>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TPV3AFLHPVZZIHD4GW3VA6D6FO7T2GBC/

[ovirt-users] Re: access engine by http

2019-02-15 Thread Ravi Shankar Nori 
I am not sure we can do what you are asking for. A lot of stuff is not
going to work. AFAIK you will need a dedicated machine to run ovirt engine
on the default ports.

On Thu, Feb 14, 2019 at 10:29 PM du_hon...@yeah.net 
wrote:

> hi Ravi
>  sorry, I do not understand when I visit http:
> 192.168.122.176:80/ovirt-engine still redirect to https:
> 192.168.122.176:443/ovirt-engine, I already fix sso_clients table;
> who redirect http to https??
>  thanks
>
> engine=# select * from sso_clients
> engine-# ;
>  id | client_id  |
>
>  client_secret
>
> | callback_prefix
>   |  certificate_location
>|notification_callback|
>  description | email |
>
>  scope
>
>
> | trusted | notification_callback_protocol |
> notification_callback_verify_host | notification_callback_verify_chain
>
> ++
>
> --+-+-
>
> ---+-++---+---
>
> --
>
> +-++---+
>   1 | ovirt-engine-core  |
> eyJhcnRpZmFjdCI6IkVudmVsb3BlUEJFIiwic2FsdCI6ImRSc3Y1bnNCR2F0b3M1WTNNOHhiQktGaDlSbEd4SnpjWWxmdzY3NmNUaFk9Iiwic2VjcmV0IjoicE5RM2E0TXQ2aU40MU5YVVY3R0ZMZjcvVnZBMWlWWnN
> oOE1ERXozQkIwZz0iLCJ2ZXJzaW9uIjoiMSIsIml0ZXJhdGlvbnMiOiI0MDAwIiwiYWxnb3JpdGhtIjoiUEJLREYyV2l0aEhtYWNTSEExIn0=
> | http://192.168.122.176:80/ovirt-engine/ |
> /etc/pki/ovirt-engine/certs/engine.c
> er | http:/192.168.122.176:80/ovirt-engine/services/sso-callback | oVirt
> Engine   |   | openid ovirt-app-portal ovirt-app-admin
> ovirt-app-api ovirt-ext=auth:identity ovirt-ext=token:
> password-access ovirt-ext=auth:sequence-priority
> ovirt-ext=token:login-on-behalf ovirt-ext=token-info:authz-search
> ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate ovir
> t-ext=revoke:revoke-all | t   | TLS| f
> | t
>   2 | ovirt-provider-ovn |
> eyJhcnRpZmFjdCI6IkVudmVsb3BlUEJFIiwic2FsdCI6Ikh0Zlp5eFJEUXB2RmVaOTJCeU83NUxISXR3Uk9Nd05YUWYzd2wyS2lvSkE9Iiwic2VjcmV0IjoiOVlMZldRSHRiZDdBbVVQdnRNcTgwdndzWG8xMzN6a1V
> 5WXN2dEJxVEttWT0iLCJ2ZXJzaW9uIjoiMSIsIml0ZXJhdGlvbnMiOiI0MDAwIiwiYWxnb3JpdGhtIjoiUEJLREYyV2l0aEhtYWNTSEExIn0=
> | http://192.168.122.176:80/ovirt-engine/ |
> /etc/pki/ovirt-engine/certs/engine.c
> er | http:/192.168.122.176:80/ovirt-engine/services/sso-callback |
> ovirt-provider-ovn |   | ovirt-app-api ovirt-ext=token-info:validate
> ovirt-ext=token-info:public-authz-search
>
>
>
> | t   | TLS| f
> | t
> (2 rows)
>
> ------
>
> Regards
>
> Hongyu Du
>
>
> *From:* du_hon...@yeah.net
> *Date:* 2019-02-14 23:32
> *To:* Ravi Nori 
> *CC:* users 
> *Subject:* [ovirt-users] Re: access engine by http
> thanks Ravi, because  my engine certification is signed by myself, when I
> visit my ovirt-engine by browser,  browser need add security exception, so
> I want to engine by http.
>
> I realise /etc/httpd/conf.d/z-ovirt-engine-proxy.conf redirect
> /ovirt-engine to 127.0.0.1:8702  , but I do not know how to  redirect
> https , I do not find some redirect https info.
>
> I fix "ProxyPassMatch ajp://127.0.0.1:8702 timeout=3600 retry=5"   to
> "ProxyPassMatch ajp://127.0.0.1:8543 timeout=3600 retry=5"?
>
> --
>
> Regards
>
> Hongyu Du
>
>
> *From:* Ravi Shankar Nori 
> *Date:* 2019-02-14 23:16
> *To:* du_hon...@yeah.net
> *CC:* Greg Sheremeta ; users 
> *Subject:* Re: Re: [ovirt-users] access engine by http
> Apache uses ajp to communicate with engine on port 8702. You can redirect
> from Apache with a simple RewriteCond
> to jboss port 8543 but certificate verification is not going to work which
> will cause issues with all

[ovirt-users] Re: access engine by http

2019-02-14 Thread du_hon...@yeah.net 
hi Ravi
 sorry, I do not understand when I visit http:192.168.122.176:80/ovirt-engine 
still redirect to https:192.168.122.176:443/ovirt-engine, I already fix 
sso_clients table;
who redirect http to https??
 thanks

engine=# select * from sso_clients
engine-# ;
 id | client_id  |  

client_secret 

  | callback_prefix |   
   certificate_location   
   |notification_callback|
description | email |   

 scope  

  
| trusted | notification_callback_protocol | 
notification_callback_verify_host | notification_callback_verify_chain 
++
--+-+-
---+-++---+---
--
+-++---+
  1 | ovirt-engine-core  | 
eyJhcnRpZmFjdCI6IkVudmVsb3BlUEJFIiwic2FsdCI6ImRSc3Y1bnNCR2F0b3M1WTNNOHhiQktGaDlSbEd4SnpjWWxmdzY3NmNUaFk9Iiwic2VjcmV0IjoicE5RM2E0TXQ2aU40MU5YVVY3R0ZMZjcvVnZBMWlWWnN
oOE1ERXozQkIwZz0iLCJ2ZXJzaW9uIjoiMSIsIml0ZXJhdGlvbnMiOiI0MDAwIiwiYWxnb3JpdGhtIjoiUEJLREYyV2l0aEhtYWNTSEExIn0=
 | http://192.168.122.176:80/ovirt-engine/ | 
/etc/pki/ovirt-engine/certs/engine.c
er | http:/192.168.122.176:80/ovirt-engine/services/sso-callback | oVirt Engine 
  |   | openid ovirt-app-portal ovirt-app-admin ovirt-app-api 
ovirt-ext=auth:identity ovirt-ext=token:
password-access ovirt-ext=auth:sequence-priority 
ovirt-ext=token:login-on-behalf ovirt-ext=token-info:authz-search 
ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate ovir
t-ext=revoke:revoke-all | t   | TLS| f  
   | t
  2 | ovirt-provider-ovn | 
eyJhcnRpZmFjdCI6IkVudmVsb3BlUEJFIiwic2FsdCI6Ikh0Zlp5eFJEUXB2RmVaOTJCeU83NUxISXR3Uk9Nd05YUWYzd2wyS2lvSkE9Iiwic2VjcmV0IjoiOVlMZldRSHRiZDdBbVVQdnRNcTgwdndzWG8xMzN6a1V
5WXN2dEJxVEttWT0iLCJ2ZXJzaW9uIjoiMSIsIml0ZXJhdGlvbnMiOiI0MDAwIiwiYWxnb3JpdGhtIjoiUEJLREYyV2l0aEhtYWNTSEExIn0=
 | http://192.168.122.176:80/ovirt-engine/ | 
/etc/pki/ovirt-engine/certs/engine.c
er | http:/192.168.122.176:80/ovirt-engine/services/sso-callback | 
ovirt-provider-ovn |   | ovirt-app-api ovirt-ext=token-info:validate 
ovirt-ext=token-info:public-authz-search  


  
| t   | TLS| f  
   | t
(2 rows)



Regards
Hongyu Du
 
From: du_hon...@yeah.net
Date: 2019-02-14 23:32
To: Ravi Nori
CC: users
Subject: [ovirt-users] Re: access engine by http
thanks Ravi, because  my engine certification is signed by myself, when I visit 
my ovirt-engine by browser,  browser need add security exception, so I want to 
engine by http.

I realise /etc/httpd/conf.d/z-ovirt-engine-proxy.conf redirect /ovirt-engine to 
127.0.0.1:8702  , but I do not know how to  redirect https , I do not find some 
redirect https info.

I fix "ProxyPassMatch ajp://127.0.0.1:8702 timeout=3600 retry=5"   to 
"ProxyPassMatch ajp://127.0.0.1:8543 timeout=3600 retry=5"?



Regards
Hongyu Du
 
From: Ravi Shankar Nori
Date: 2019-02-14 23:16
To: du_hon...@yeah.net
CC: Greg Sheremeta; users
Subject: Re: Re: [ovirt-users] access engine by http
Apache uses ajp to communicate with engine on port 8702. You can redirect from 
Apache with a simple RewriteCond 
to jboss port 8543 but certificate verification is not going to work which will 
cause issues with all oVirt tools.

More over oVirt SSO is not going to let you access UI on port other than 443 
when in

[ovirt-users] Re: access engine by http

2019-02-14 Thread du_hon...@yeah.net 
thanks Ravi, because  my engine certification is signed by myself, when I visit 
my ovirt-engine by browser,  browser need add security exception, so I want to 
engine by http.

I realise /etc/httpd/conf.d/z-ovirt-engine-proxy.conf redirect /ovirt-engine to 
127.0.0.1:8702  , but I do not know how to  redirect https , I do not find some 
redirect https info.

I fix "ProxyPassMatch ajp://127.0.0.1:8702 timeout=3600 retry=5"   to 
"ProxyPassMatch ajp://127.0.0.1:8543 timeout=3600 retry=5"?



Regards
Hongyu Du
 
From: Ravi Shankar Nori
Date: 2019-02-14 23:16
To: du_hon...@yeah.net
CC: Greg Sheremeta; users
Subject: Re: Re: [ovirt-users] access engine by http
Apache uses ajp to communicate with engine on port 8702. You can redirect from 
Apache with a simple RewriteCond 
to jboss port 8543 but certificate verification is not going to work which will 
cause issues with all oVirt tools.

More over oVirt SSO is not going to let you access UI on port other than 443 
when installed through rpms. 
You will need to fiddle with the database to update the redirect uris in the 
sso_clients table.

The best you can do is change the proxy port in 
/etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf and keep the AJP in 
place.

Why are you trying to by pass Apache?

On Thu, Feb 14, 2019 at 9:25 AM du_hon...@yeah.net  wrote:
sorry I describe errror,
 my /etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf 

ENGINE_FQDN=localhost.localdomain
ENGINE_PROXY_ENABLED=false
ENGINE_PROXY_HTTP_PORT=None
ENGINE_PROXY_HTTPS_PORT=None
ENGINE_AJP_ENABLED=false
ENGINE_AJP_PORT=None
ENGINE_HTTP_ENABLED=true
ENGINE_HTTPS_ENABLED=false
ENGINE_HTTP_PORT=8080
ENGINE_HTTPS_PORT=8443

I know install ovirt-engine from source in a developer setup, this can visit 
engine by http.  and  not apache  in the frontend.  but I want to visit engine 
that is installed rpm by http?

Besides I realize apache not redirect http to https  ovirt  jboss redirect http 
to https? 



Regards
Hongyu Du
 
From: Greg Sheremeta
Date: 2019-02-14 19:24
To: du_hon...@yeah.net
CC: Ravi Nori; users
Subject: Re: Re: [ovirt-users] access engine by http
Sorry, I'm still not understanding what you are trying to achieve. Nothing is 
on 8843 - ?

If you install ovirt-engine from source in a developer setup, it's 8080 http by 
default and no apache in front. Maybe try that.

Greg

On Thu, Feb 14, 2019 at 12:14 AM du_hon...@yeah.net  wrote:
hi Greg, Ravi
thanks, https is ok,when I try to visit http://ip:8080/ovirt-engine but still 
rediect https://192.168.122.176:8443/tchyp-engine/,  I want to know How to 
redirect to 8843? 
Besides I try to disable ssl by comment /etc/httpd/conf/httpd.conf   
#IncludeOptional conf.d/*.conf,
But http is still redirect to https,  I should how disable redirect?
I find  this file  
/usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.xml.in, I try to 
delete follow line. but ovirt-engine server is not boot

/var/log/ovirt-engine/boot.log has some error?
13:12:43,144 INFO  [org.jboss.as] WFLYSRV0049: WildFly Full 11.0.0.Final 
(WildFly Core 3.0.8.Final) starting
13:12:44,644 INFO  [org.jboss.as.controller.management-deprecated] WFLYCTL0028: 
Attribute 'security-realm' in the resource at address 
'/core-service=management/management-interface=native-interface' is deprecated, 
and may be removed in future version. See the attribute description in the 
output of the read-resource-description operation to learn more about the 
deprecation.
13:12:44,646 INFO  [org.jboss.as.controller.management-deprecated] WFLYCTL0028: 
Attribute 'security-realm' in the resource at address 
'/core-service=management/management-interface=http-interface' is deprecated, 
and may be removed in future version. See the attribute description in the 
output of the read-resource-description operation to learn more about the 
deprecation.
13:12:44,677 INFO  [org.jboss.as.controller.management-deprecated] WFLYCTL0028: 
Attribute 'security-realm' in the resource at address 
'/subsystem=undertow/server=default-server/https-listener=https' is deprecated, 
and may be removed in future version. See the attribute description in the 
output of the read-resource-description operation to learn more about the 
deprecation.
13:12:44,677 INFO  [org.jboss.as.controller.management-deprecated] WFLYCTL0028: 
Attribute 'enabled-protocols' in the resource at address 
'/subsystem=undertow/server=default-server/https-listener=https' is deprecated, 
and may be removed in future version. See the attribute description in the 
output of the read-resource-description operation to learn more about the 
deprecation.
13:12:44,840 INFO  [org.jboss.as.server.deployment.scanner] WFLYDS0004: Found 
restapi.war in deployment directory. To trigger deployment create a file called 
restapi.war.dodeploy
13:12:44,840 INFO  [org.jboss.as.server.deployment.scanner] WFLYDS0004: Found 
engine.ear in deployment directory. To trigger deployment create a file called 
engine.ear.dodepl

[ovirt-users] Re: access engine by http

2019-02-14 Thread Ravi Shankar Nori 
Apache uses ajp to communicate with engine on port 8702. You can redirect
from Apache with a simple RewriteCond
to jboss port 8543 but certificate verification is not going to work which
will cause issues with all oVirt tools.

More over oVirt SSO is not going to let you access UI on port other than
443 when installed through rpms.
You will need to fiddle with the database to update the redirect uris in
the sso_clients table.

The best you can do is change the proxy port in
/etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf and keep the AJP in
place.

Why are you trying to by pass Apache?

On Thu, Feb 14, 2019 at 9:25 AM du_hon...@yeah.net 
wrote:

> sorry I describe errror,
>  my /etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf
>
> ENGINE_FQDN=localhost.localdomain
> ENGINE_PROXY_ENABLED=false
> ENGINE_PROXY_HTTP_PORT=None
> ENGINE_PROXY_HTTPS_PORT=None
> ENGINE_AJP_ENABLED=false
> ENGINE_AJP_PORT=None
> ENGINE_HTTP_ENABLED=true
> ENGINE_HTTPS_ENABLED=false
> ENGINE_HTTP_PORT=8080
> ENGINE_HTTPS_PORT=8443
>
> I know install ovirt-engine from source in a developer setup, this can
> visit engine by http.  and  not apache  in the frontend.  but I want to
> visit engine that is installed rpm by http?
>
> Besides I realize apache not redirect http to https  ovirt  jboss redirect
> http to https?
>
> --
>
> Regards
>
> Hongyu Du
>
>
> *From:* Greg Sheremeta 
> *Date:* 2019-02-14 19:24
> *To:* du_hon...@yeah.net
> *CC:* Ravi Nori ; users 
> *Subject:* Re: Re: [ovirt-users] access engine by http
> Sorry, I'm still not understanding what you are trying to achieve. Nothing
> is on 8843 - ?
>
> If you install ovirt-engine from source in a developer setup, it's 8080
> http by default and no apache in front. Maybe try that.
>
> Greg
>
> On Thu, Feb 14, 2019 at 12:14 AM du_hon...@yeah.net 
> wrote:
>
>> hi Greg, Ravi
>> thanks, https is ok,when I try to visit http://ip:8080/ovirt-engine but
>> still rediect https://192.168.122.176:8443/tchyp-engine/,  I want to
>> know How to redirect to 8843?
>> Besides I try to disable ssl by comment /etc/httpd/conf/httpd.conf
>> #IncludeOptional conf.d/*.conf,
>> But http is still redirect to https,  I should how disable redirect?
>> I find  this file  /usr/share/ovirt-engine/services/ovirt-engine/
>> ovirt-engine.xml.in, I try to delete follow line. but ovirt-engine
>> server is not boot
>> > name="redirect"
>> port="{{ HTTPS_PORT }}"/>
>> /var/log/ovirt-engine/boot.log has some error?
>> 13:12:43,144 INFO  [org.jboss.as] WFLYSRV0049: WildFly Full 11.0.0.Final
>> (WildFly Core 3.0.8.Final) starting
>> 13:12:44,644 INFO  [org.jboss.as.controller.management-deprecated]
>> WFLYCTL0028: Attribute 'security-realm' in the resource at address
>> '/core-service=management/management-interface=native-interface' is
>> deprecated, and may be removed in future version. See the attribute
>> description in the output of the read-resource-description operation to
>> learn more about the deprecation.
>> 13:12:44,646 INFO  [org.jboss.as.controller.management-deprecated]
>> WFLYCTL0028: Attribute 'security-realm' in the resource at address
>> '/core-service=management/management-interface=http-interface' is
>> deprecated, and may be removed in future version. See the attribute
>> description in the output of the read-resource-description operation to
>> learn more about the deprecation.
>> 13:12:44,677 INFO  [org.jboss.as.controller.management-deprecated]
>> WFLYCTL0028: Attribute 'security-realm' in the resource at address
>> '/subsystem=undertow/server=default-server/https-listener=https' is
>> deprecated, and may be removed in future version. See the attribute
>> description in the output of the read-resource-description operation to
>> learn more about the deprecation.
>> 13:12:44,677 INFO  [org.jboss.as.controller.management-deprecated]
>> WFLYCTL0028: Attribute 'enabled-protocols' in the resource at address
>> '/subsystem=undertow/server=default-server/https-listener=https' is
>> deprecated, and may be removed in future version. See the attribute
>> description in the output of the read-resource-description operation to
>> learn more about the deprecation.
>> 13:12:44,840 INFO  [org.jboss.as.server.deployment.scanner] WFLYDS0004:
>> Found restapi.war in deployment directory. To trigger deployment create a
>> file called restapi.war.dodeploy
>> 13:12:44,840 INFO  [org.jboss.as.server.deployment.scanner] WFLYDS0004:
>> Found engine.ear in deployment directory. To trigger deployment create a
>> file call

[ovirt-users] Re: access engine by http

2019-02-14 Thread du_hon...@yeah.net 
sorry I describe errror,
 my /etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf 

ENGINE_FQDN=localhost.localdomain
ENGINE_PROXY_ENABLED=false
ENGINE_PROXY_HTTP_PORT=None
ENGINE_PROXY_HTTPS_PORT=None
ENGINE_AJP_ENABLED=false
ENGINE_AJP_PORT=None
ENGINE_HTTP_ENABLED=true
ENGINE_HTTPS_ENABLED=false
ENGINE_HTTP_PORT=8080
ENGINE_HTTPS_PORT=8443

I know install ovirt-engine from source in a developer setup, this can visit 
engine by http.  and  not apache  in the frontend.  but I want to visit engine 
that is installed rpm by http?

Besides I realize apache not redirect http to https  ovirt  jboss redirect http 
to https? 



Regards
Hongyu Du
 
From: Greg Sheremeta
Date: 2019-02-14 19:24
To: du_hon...@yeah.net
CC: Ravi Nori; users
Subject: Re: Re: [ovirt-users] access engine by http
Sorry, I'm still not understanding what you are trying to achieve. Nothing is 
on 8843 - ?

If you install ovirt-engine from source in a developer setup, it's 8080 http by 
default and no apache in front. Maybe try that.

Greg

On Thu, Feb 14, 2019 at 12:14 AM du_hon...@yeah.net  wrote:
hi Greg, Ravi
thanks, https is ok,when I try to visit http://ip:8080/ovirt-engine but still 
rediect https://192.168.122.176:8443/tchyp-engine/,  I want to know How to 
redirect to 8843? 
Besides I try to disable ssl by comment /etc/httpd/conf/httpd.conf   
#IncludeOptional conf.d/*.conf,
But http is still redirect to https,  I should how disable redirect?
I find  this file  
/usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.xml.in, I try to 
delete follow line. but ovirt-engine server is not boot

/var/log/ovirt-engine/boot.log has some error?
13:12:43,144 INFO  [org.jboss.as] WFLYSRV0049: WildFly Full 11.0.0.Final 
(WildFly Core 3.0.8.Final) starting
13:12:44,644 INFO  [org.jboss.as.controller.management-deprecated] WFLYCTL0028: 
Attribute 'security-realm' in the resource at address 
'/core-service=management/management-interface=native-interface' is deprecated, 
and may be removed in future version. See the attribute description in the 
output of the read-resource-description operation to learn more about the 
deprecation.
13:12:44,646 INFO  [org.jboss.as.controller.management-deprecated] WFLYCTL0028: 
Attribute 'security-realm' in the resource at address 
'/core-service=management/management-interface=http-interface' is deprecated, 
and may be removed in future version. See the attribute description in the 
output of the read-resource-description operation to learn more about the 
deprecation.
13:12:44,677 INFO  [org.jboss.as.controller.management-deprecated] WFLYCTL0028: 
Attribute 'security-realm' in the resource at address 
'/subsystem=undertow/server=default-server/https-listener=https' is deprecated, 
and may be removed in future version. See the attribute description in the 
output of the read-resource-description operation to learn more about the 
deprecation.
13:12:44,677 INFO  [org.jboss.as.controller.management-deprecated] WFLYCTL0028: 
Attribute 'enabled-protocols' in the resource at address 
'/subsystem=undertow/server=default-server/https-listener=https' is deprecated, 
and may be removed in future version. See the attribute description in the 
output of the read-resource-description operation to learn more about the 
deprecation.
13:12:44,840 INFO  [org.jboss.as.server.deployment.scanner] WFLYDS0004: Found 
restapi.war in deployment directory. To trigger deployment create a file called 
restapi.war.dodeploy
13:12:44,840 INFO  [org.jboss.as.server.deployment.scanner] WFLYDS0004: Found 
engine.ear in deployment directory. To trigger deployment create a file called 
engine.ear.dodeploy
13:12:44,840 INFO  [org.jboss.as.server.deployment.scanner] WFLYDS0004: Found 
ovirt-web-ui.war in deployment directory. To trigger deployment create a file 
called ovirt-web-ui.war.dodeploy
13:12:44,840 INFO  [org.jboss.as.server.deployment.scanner] WFLYDS0004: Found 
apidoc.war in deployment directory. To trigger deployment create a file called 
apidoc.war.dodeploy
13:12:44,895 ERROR [org.jboss.as.controller] WFLYCTL0362: Capabilities required 
by resource '/subsystem=undertow/server=default-server/http-listener=http' are 
not available:
org.wildfly.network.socket-binding.redirect; Possible registration points 
for this capability:
/socket-binding-group=*/socket-binding=*
13:12:44,900 FATAL [org.jboss.as.server] WFLYSRV0056: Server boot has failed in 
an unrecoverable manner; exiting. See previous messages for details.
13:12:44,920 INFO  [org.jboss.as] WFLYSRV0050: WildFly Full 11.0.0.Final 
(WildFly Core 3.0.8.Final) stopped in 13ms




Regards
Hongyu Du
 
From: Greg Sheremeta
Date: 2019-02-14 04:08
To: du_hon...@yeah.net; Ravi Nori
CC: users
Subject: Re: [ovirt-users] access engine by http
What are you trying to achieve? SSL is good :)

I suspect you have to disable ssl in the apache server
/etc/httpd/conf.d/ssl.conf
but I'm not really sure.

And, if you do, I suspect some things that use certificates won't

[ovirt-users] Re: access engine by http

2019-02-14 Thread Greg Sheremeta 
Sorry, I'm still not understanding what you are trying to achieve. Nothing
is on 8843 - ?

If you install ovirt-engine from source in a developer setup, it's 8080
http by default and no apache in front. Maybe try that.

Greg

On Thu, Feb 14, 2019 at 12:14 AM du_hon...@yeah.net 
wrote:

> hi Greg, Ravi
> thanks, https is ok,when I try to visit http://ip:8080/ovirt-engine but
> still rediect https://192.168.122.176:8443/tchyp-engine/,  I want to know
> How to redirect to 8843?
> Besides I try to disable ssl by comment /etc/httpd/conf/httpd.conf
> #IncludeOptional conf.d/*.conf,
> But http is still redirect to https,  I should how disable redirect?
> I find  this file  /usr/share/ovirt-engine/services/ovirt-engine/
> ovirt-engine.xml.in, I try to delete follow line. but ovirt-engine server
> is not boot
>  name="redirect"
> port="{{ HTTPS_PORT }}"/>
> /var/log/ovirt-engine/boot.log has some error?
> 13:12:43,144 INFO  [org.jboss.as] WFLYSRV0049: WildFly Full 11.0.0.Final
> (WildFly Core 3.0.8.Final) starting
> 13:12:44,644 INFO  [org.jboss.as.controller.management-deprecated]
> WFLYCTL0028: Attribute 'security-realm' in the resource at address
> '/core-service=management/management-interface=native-interface' is
> deprecated, and may be removed in future version. See the attribute
> description in the output of the read-resource-description operation to
> learn more about the deprecation.
> 13:12:44,646 INFO  [org.jboss.as.controller.management-deprecated]
> WFLYCTL0028: Attribute 'security-realm' in the resource at address
> '/core-service=management/management-interface=http-interface' is
> deprecated, and may be removed in future version. See the attribute
> description in the output of the read-resource-description operation to
> learn more about the deprecation.
> 13:12:44,677 INFO  [org.jboss.as.controller.management-deprecated]
> WFLYCTL0028: Attribute 'security-realm' in the resource at address
> '/subsystem=undertow/server=default-server/https-listener=https' is
> deprecated, and may be removed in future version. See the attribute
> description in the output of the read-resource-description operation to
> learn more about the deprecation.
> 13:12:44,677 INFO  [org.jboss.as.controller.management-deprecated]
> WFLYCTL0028: Attribute 'enabled-protocols' in the resource at address
> '/subsystem=undertow/server=default-server/https-listener=https' is
> deprecated, and may be removed in future version. See the attribute
> description in the output of the read-resource-description operation to
> learn more about the deprecation.
> 13:12:44,840 INFO  [org.jboss.as.server.deployment.scanner] WFLYDS0004:
> Found restapi.war in deployment directory. To trigger deployment create a
> file called restapi.war.dodeploy
> 13:12:44,840 INFO  [org.jboss.as.server.deployment.scanner] WFLYDS0004:
> Found engine.ear in deployment directory. To trigger deployment create a
> file called engine.ear.dodeploy
> 13:12:44,840 INFO  [org.jboss.as.server.deployment.scanner] WFLYDS0004:
> Found ovirt-web-ui.war in deployment directory. To trigger deployment
> create a file called ovirt-web-ui.war.dodeploy
> 13:12:44,840 INFO  [org.jboss.as.server.deployment.scanner] WFLYDS0004:
> Found apidoc.war in deployment directory. To trigger deployment create a
> file called apidoc.war.dodeploy
> 13:12:44,895 ERROR [org.jboss.as.controller] WFLYCTL0362: Capabilities
> required by resource
> '/subsystem=undertow/server=default-server/http-listener=http' are not
> available:
> org.wildfly.network.socket-binding.redirect; Possible registration
> points for this capability:
> /socket-binding-group=*/socket-binding=*
> 13:12:44,900 FATAL [org.jboss.as.server] WFLYSRV0056: Server boot has
> failed in an unrecoverable manner; exiting. See previous messages for
> details.
> 13:12:44,920 INFO  [org.jboss.as] WFLYSRV0050: WildFly Full 11.0.0.Final
> (WildFly Core 3.0.8.Final) stopped in 13ms
>
>
> --
>
> Regards
>
> Hongyu Du
>
>
> *From:* Greg Sheremeta 
> *Date:* 2019-02-14 04:08
> *To:* du_hon...@yeah.net; Ravi Nori 
> *CC:* users 
> *Subject:* Re: [ovirt-users] access engine by http
> What are you trying to achieve? SSL is good :)
>
> I suspect you have to disable ssl in the apache server
> /etc/httpd/conf.d/ssl.conf
> but I'm not really sure.
>
> And, if you do, I suspect some things that use certificates won't work,
> either (console, disk upload, etc.)
>
> Ravi might know more.
>
> Greg
>
> On Wed, Feb 13, 2019 at 3:39 AM du_hon...@yeah.net 
> wrote:
>
>> I want to access engine by http, after engine-setup success, I fix
>> /etc/ovirt-engine/engine.conf.d/10

[ovirt-users] Re: access engine by http

2019-02-13 Thread du_hon...@yeah.net 
hi Greg, Ravi
thanks, https is ok,when I try to visit http://ip:8080/ovirt-engine but still 
rediect https://192.168.122.176:8443/tchyp-engine/,  I want to know How to 
redirect to 8843? 
Besides I try to disable ssl by comment /etc/httpd/conf/httpd.conf   
#IncludeOptional conf.d/*.conf,
But http is still redirect to https,  I should how disable redirect?
I find  this file  
/usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.xml.in, I try to 
delete follow line. but ovirt-engine server is not boot

/var/log/ovirt-engine/boot.log has some error?
13:12:43,144 INFO  [org.jboss.as] WFLYSRV0049: WildFly Full 11.0.0.Final 
(WildFly Core 3.0.8.Final) starting
13:12:44,644 INFO  [org.jboss.as.controller.management-deprecated] WFLYCTL0028: 
Attribute 'security-realm' in the resource at address 
'/core-service=management/management-interface=native-interface' is deprecated, 
and may be removed in future version. See the attribute description in the 
output of the read-resource-description operation to learn more about the 
deprecation.
13:12:44,646 INFO  [org.jboss.as.controller.management-deprecated] WFLYCTL0028: 
Attribute 'security-realm' in the resource at address 
'/core-service=management/management-interface=http-interface' is deprecated, 
and may be removed in future version. See the attribute description in the 
output of the read-resource-description operation to learn more about the 
deprecation.
13:12:44,677 INFO  [org.jboss.as.controller.management-deprecated] WFLYCTL0028: 
Attribute 'security-realm' in the resource at address 
'/subsystem=undertow/server=default-server/https-listener=https' is deprecated, 
and may be removed in future version. See the attribute description in the 
output of the read-resource-description operation to learn more about the 
deprecation.
13:12:44,677 INFO  [org.jboss.as.controller.management-deprecated] WFLYCTL0028: 
Attribute 'enabled-protocols' in the resource at address 
'/subsystem=undertow/server=default-server/https-listener=https' is deprecated, 
and may be removed in future version. See the attribute description in the 
output of the read-resource-description operation to learn more about the 
deprecation.
13:12:44,840 INFO  [org.jboss.as.server.deployment.scanner] WFLYDS0004: Found 
restapi.war in deployment directory. To trigger deployment create a file called 
restapi.war.dodeploy
13:12:44,840 INFO  [org.jboss.as.server.deployment.scanner] WFLYDS0004: Found 
engine.ear in deployment directory. To trigger deployment create a file called 
engine.ear.dodeploy
13:12:44,840 INFO  [org.jboss.as.server.deployment.scanner] WFLYDS0004: Found 
ovirt-web-ui.war in deployment directory. To trigger deployment create a file 
called ovirt-web-ui.war.dodeploy
13:12:44,840 INFO  [org.jboss.as.server.deployment.scanner] WFLYDS0004: Found 
apidoc.war in deployment directory. To trigger deployment create a file called 
apidoc.war.dodeploy
13:12:44,895 ERROR [org.jboss.as.controller] WFLYCTL0362: Capabilities required 
by resource '/subsystem=undertow/server=default-server/http-listener=http' are 
not available:
org.wildfly.network.socket-binding.redirect; Possible registration points 
for this capability:
/socket-binding-group=*/socket-binding=*
13:12:44,900 FATAL [org.jboss.as.server] WFLYSRV0056: Server boot has failed in 
an unrecoverable manner; exiting. See previous messages for details.
13:12:44,920 INFO  [org.jboss.as] WFLYSRV0050: WildFly Full 11.0.0.Final 
(WildFly Core 3.0.8.Final) stopped in 13ms




Regards
Hongyu Du
 
From: Greg Sheremeta
Date: 2019-02-14 04:08
To: du_hon...@yeah.net; Ravi Nori
CC: users
Subject: Re: [ovirt-users] access engine by http
What are you trying to achieve? SSL is good :)

I suspect you have to disable ssl in the apache server
/etc/httpd/conf.d/ssl.conf
but I'm not really sure.

And, if you do, I suspect some things that use certificates won't work, either 
(console, disk upload, etc.)

Ravi might know more.

Greg

On Wed, Feb 13, 2019 at 3:39 AM du_hon...@yeah.net  wrote:
I want to access engine by http, after engine-setup success, I fix 
/etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf

ENGINE_FQDN=localhost.localdomain
ENGINE_PROXY_ENABLED=false
ENGINE_PROXY_HTTP_PORT=None
ENGINE_PROXY_HTTPS_PORT=None
ENGINE_AJP_ENABLED=false
ENGINE_AJP_PORT=None
ENGINE_HTTP_ENABLED=true
ENGINE_HTTPS_ENABLED=false
ENGINE_HTTP_PORT=8080
ENGINE_HTTPS_PORT=443

but I access http://ip:8080/ovirt-engine ,  still browser is redirect to https, 
 I should how to disable redirect?





Regards
Hongyu Du
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5K4Z2Y5ORRCA4QLQLA5BPPJNSEP6JKNN/


-- 
GREG SHEREMETA
SENIOR

[ovirt-users] Re: access engine by http

2019-02-13 Thread Greg Sheremeta 
What are you trying to achieve? SSL is good :)

I suspect you have to disable ssl in the apache server
/etc/httpd/conf.d/ssl.conf
but I'm not really sure.

And, if you do, I suspect some things that use certificates won't work,
either (console, disk upload, etc.)

Ravi might know more.

Greg

On Wed, Feb 13, 2019 at 3:39 AM du_hon...@yeah.net 
wrote:

> I want to access engine by http, after engine-setup success, I fix
> /etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf
>
> ENGINE_FQDN=localhost.localdomain
> ENGINE_PROXY_ENABLED=false
> ENGINE_PROXY_HTTP_PORT=None
> ENGINE_PROXY_HTTPS_PORT=None
> ENGINE_AJP_ENABLED=false
> ENGINE_AJP_PORT=None
> ENGINE_HTTP_ENABLED=true
> ENGINE_HTTPS_ENABLED=false
> ENGINE_HTTP_PORT=8080
> ENGINE_HTTPS_PORT=443
>
> but I access http://ip:8080/ovirt-engine ,  still browser is redirect to
> https,  I should how to disable redirect?
>
>
>
> --
>
> Regards
>
> Hongyu Du
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/5K4Z2Y5ORRCA4QLQLA5BPPJNSEP6JKNN/
>


-- 

GREG SHEREMETA

SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX

Red Hat NA



gsher...@redhat.comIRC: gshereme

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/P3AH62SCPJUEI2ZG4NKR6CUG4W5NOOAO/