I'm not sure it's a good idea if you're running 4.0. This procedure does half of the job as it don't touch the custom java trust store and missing parts are mandatory for ovirt 4. So I'm now stuck with an unreachable UI after an upgrade and I don't know if I can roll back.
> Le 10 août 2016 à 17:30, Marcelo Leandro <marcelol...@gmail.com> a écrit : > > Good morning , > > "You need to have correctly set up engine FQDN and it has to be resolvable. > If you don't have correctly set engine FQDN, you can fix that using > ovirt-engine-rename tool, more info can be found at: > > https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/ > > <https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/> > " > > can I make the procedure with host and vms in production? > > Thanks. > > 2016-08-03 14:34 GMT-03:00 Martin Perina <mper...@redhat.com > <mailto:mper...@redhat.com>>: > > > On Wed, Aug 3, 2016 at 5:25 PM, Fabrice Bacchella > <fabrice.bacche...@icloud.com <mailto:fabrice.bacche...@icloud.com>> wrote: > Next step : > > The UI says, even with a restarted navigator: > > org.codehaus.jackson.JsonParseException: Unexpected character ('<' (code > 60)): expected a valid value (number, String, array, object, 'true', 'false' > or 'null') at [Source: java.io.StringReader@74749f78; line: 3, column: 2] > > I haven't seen this error before, could you please share server.log and > engine.log? > > > > I shift-reload, got a welcome screen, click on "Administration portal". I > then got a warning. The vhost for ovirt is "ovirt.mydomain", but I got a > redirect to: > https://ovirt.mydomain/ovirt-engine/webadmin/sso/login?&app_url=https%3A%2F%2Fovirt.mydomain%2Fovirt-engine%2Fwebadmin%2F%3Flocale%3Den_US&locale=en_US > > <https://ovirt.mydomain/ovirt-engine/webadmin/sso/login?&app_url=https%3A%2F%2Fovirt.mydomain%2Fovirt-engine%2Fwebadmin%2F%3Flocale%3Den_US&locale=en_US> > that then redirect to: > https://realhost.mydomain:443/ovirt-engine/sso/oauth/authorize?client_id=ovirt-engine-core&response_type=code&redirect_uri=https%3A%2F%2Fovirt.mydomain%3A443%2Fovirt-engine%2Fwebadmin%2Fsso%2Foauth2-callback&scope=ovirt-app-admin+ovirt-app-portal+ovirt-ext%3Dauth%3Asequence-priority%3D%7E&state=5ku3vXkfb10 > > <https://realhost.mydomain/ovirt-engine/sso/oauth/authorize?client_id=ovirt-engine-core&response_type=code&redirect_uri=https%3A%2F%2Fovirt.mydomain%3A443%2Fovirt-engine%2Fwebadmin%2Fsso%2Foauth2-callback&scope=ovirt-app-admin+ovirt-app-portal+ovirt-ext%3Dauth%3Asequence-priority%3D%7E&state=5ku3vXkfb10> > > And it fail with again with still: > org.codehaus.jackson.JsonParseException: Unexpected character ('<' (code > 60)): expected a valid value (number, String, array, object, 'true', 'false' > or 'null') at [Source: java.io.StringReader@328a4512; line: 3, column: 2] > > Many requests were send to ovirt.mydomain, but just one to > realhost.mydomain:443, I don't know why. > > You need to have correctly set up engine FQDN and it has to be resolvable. > If you don't have correctly set engine FQDN, you can fix that using > ovirt-engine-rename tool, more info can be found at: > > https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/ > > <https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/> > > Also be aware that you need to use that engine FQDN to access oVirt 4.0 > > > I didn't ask for any SSO, I already use my own (CAS), it was working well and > the update never ask for activating something new. > > This is one of the oVirt 4.0 features, we have implemented OAUTH SSO for > all engine parts: webadmin, userportal and restapi. If you are using CAS > (althought it's officially supported by oVirt), that probably means you have > configured cas authentication on Apache, passing authenticated username using > aaa-misc as authn extension and aaa-ldap as authz extension (to get group > memberships for authenticated user). If that's true then please take a look > at > > https://bugzilla.redhat.com/show_bug.cgi?id=1342192 > <https://bugzilla.redhat.com/show_bug.cgi?id=1342192> > > there are some changes on Apache configuration (the bug is for kerberos, but > I suspect similar config is needed also for cas module in apache). > > > > > Le 3 août 2016 à 15:09, Martin Perina <mper...@redhat.com > > <mailto:mper...@redhat.com>> a écrit : > > > > Hi, > > please follow steps as described in BZ: > > > > 1. Create /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf (you > > may choose different filename but it has to end with '.conf' suffix) with > > following content: > > > > ENGINE_HTTPS_PKI_TRUST_STORE="<full path to your java keystore>" > > ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="<password to your java keystore>" > > > > 2. Restart the engine > > > > If the above doesn't work please attach server.log/engine.log > > > > Thanks > > > > Martin Perina > > > > _______________________________________________ > Users mailing list > Users@ovirt.org <mailto:Users@ovirt.org> > http://lists.ovirt.org/mailman/listinfo/users > <http://lists.ovirt.org/mailman/listinfo/users> > >
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
