[prev in list] [next in list] [prev in thread] [next in thread]
List: vdsm-devel
Subject: Re: [ovirt-devel] Can't add DC with API v4 - client issue
From: Ravi Nori <rnori () redhat ! com>
Date: 2016-10-14 22:04:03
Message-ID: CAJcXQO088k2tLPFVOHnQLb+N448xMNKOpQevB1R9kmQsFsm71Q () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Also can you please try following command to directly obtain token from
SSO. Can replace engine with FQDN and IP to see if both work
curl -v -k -H "Accept: application/json" 'https://
<engine>:443/ovirt-engine/sso/oauth/token?grant_type=password&username=admin@internal
&password=123&scope=ovirt-app-api'
You should see output similar to the one below
{"access_token":"K0sBa0D3rLtmNTdMJ-Q4FzOgCtGGY2cSFSCwbLkG94te9nDdmEzHSizsFaOeNMdwOziIv3l2-Uqm8bxWkMpwMA","scope":"ovirt-app-api
ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search
ovirt-ext=token-info:validate","exp":-381399824,"token_type":"bearer"}
Thanks
Ravi
On Fri, Oct 14, 2016 at 4:00 PM, Yaniv Kaul <ykaul@redhat.com> wrote:
> On Oct 14, 2016 7:13 PM, "Ravi Nori" <rnori@redhat.com> wrote:
> >
> > SSO configuration looks good.
> >
> > Can you please share any additional httpd configuration in
> /etc/httpd/conf.d. Anything to do with LocationMatch for ovirt-engine urls.
>
> This is a standard ovirt-system-tests on Lago installation, nothing out of
> the ordinary, but I'll check.
> Y.
>
> >
> > On Fri, Oct 14, 2016 at 12:52 PM, Yaniv Kaul <ykaul@redhat.com> wrote:
> > >
> > >
> > >
> > > On Fri, Oct 14, 2016 at 3:50 PM, Ravi Nori <rnori@redhat.com> wrote:
> > > >
> > > > Hi Yaniv,
> > > >
> > > > Can you check the output of https:://<engine>/ovirt-engine/sso/status
> in your browser and see if the SSO service is active.
> > > >
> > > > If SSO is deployed, you should see an output similar to the one below.
> Also are you able to login to webadmin using the browser?
> > >
> > >
> > > I am able to login using the webui.
> > >
> > > >
> > > >
> > > > {"status_description":"SSO Webapp Deployed","version":"0","
> status":"active"}
> > >
> > >
> > > Indeed:
> > > {"status_description":"SSO Webapp Deployed","version":"0","
> status":"active"}
> > >
> > > (not sure what 'version 0' means?)
> > >
> > > >
> > > >
> > > > Please share the content of /etc/ovirt-engine/engine.conf.
> d/11-setup-sso.conf
> > >
> > >
> > > [root@lago-basic-suite-master-engine ~]# cat
> /etc/ovirt-engine/engine.conf.d/11-setup-sso.conf
> > > ENGINE_SSO_CLIENT_ID="ovirt-engine-core"
> > > ENGINE_SSO_CLIENT_SECRET="bsOabtD7gE2McwLe80P109UV800XLx4O"
> > > ENGINE_SSO_AUTH_URL="https://${ENGINE_FQDN}:443/ovirt-engine/sso"
> > > ENGINE_SSO_SERVICE_URL="https://localhost:443/ovirt-engine/sso"
> > > ENGINE_SSO_SERVICE_SSL_VERIFY_HOST=false
> > > ENGINE_SSO_SERVICE_SSL_VERIFY_CHAIN=true
> > > SSO_ALTERNATE_ENGINE_FQDNS=""
> > > SSO_ENGINE_URL="https://${ENGINE_FQDN}:443/ovirt-engine/"
> > >
> > >
> > > Thanks,
> > > Y.
> > >
> > >
> > > >
> > > >
> > > > Thanks
> > > >
> > > > Ravi
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > On Fri, Oct 14, 2016 at 7:57 AM, Juan Hernández <jhernand@redhat.com>
> wrote:
> > > > >
> > > > > On 10/14/2016 01:45 PM, Yaniv Kaul wrote:
> > > > > >
> > > > > >
> > > > > > On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández <
> jhernand@redhat.com
> > > > > > <mailto:jhernand@redhat.com>> wrote:
> > > > > >
> > > > > > On 10/13/2016 12:04 AM, Yaniv Kaul wrote:
> > > > > > > On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <ykaul@redhat.com
> <mailto:ykaul@redhat.com>
> > > > > > > <mailto:ykaul@redhat.com <mailto:ykaul@redhat.com>>> wrote:
> > > > > > >
> > > > > > > I'm trying on FC24, using
> > > > > > >
> > > > > > python-ovirt-engine-sdk4-4.1.0-0.0.20161003git056315d.fc24.x86_64
> to
> > > > > > > add a DC, and failing - against master. The client is
> unhappy:
> > > > > > > File
> > > > > > >
> > > > > > "/home/ykaul/ovirt-system-tests/basic-suite-master/test-
> scenarios/002_bootstrap.py",
> > > > > > > line 98, in add_dc4
> > > > > > > version=sdk4.types.Version(
> major=DC_VER_MAJ,minor=DC_VER_MIN),
> > > > > > > File "/usr/lib64/python2.7/site-
> packages/ovirtsdk4/services.py",
> > > > > > > line 4347, in add
> > > > > > > response = self._connection.send(request)
> > > > > > > File "/usr/lib64/python2.7/site-
> packages/ovirtsdk4/__init__.py",
> > > > > > > line 276, in send
> > > > > > > return self.__send(request)
> > > > > > > File "/usr/lib64/python2.7/site-
> packages/ovirtsdk4/__init__.py",
> > > > > > > line 298, in __send
> > > > > > > self._sso_token = self._get_access_token()
> > > > > > > File "/usr/lib64/python2.7/site-
> packages/ovirtsdk4/__init__.py",
> > > > > > > line 460, in _get_access_token
> > > > > > > sso_response = self._get_sso_response(self._sso_url,
> > > > > > post_data)
> > > > > > > File "/usr/lib64/python2.7/site-
> packages/ovirtsdk4/__init__.py",
> > > > > > > line 498, in _get_sso_response
> > > > > > > return json.loads(body_buf.getvalue()
> .decode('utf-8'))
> > > > > > > File "/usr/lib64/python2.7/json/__init__.py", line
> 339, in loads
> > > > > > > return _default_decoder.decode(s)
> > > > > > > File "/usr/lib64/python2.7/json/decoder.py", line 364,
> in decode
> > > > > > > obj, end = self.raw_decode(s, idx=_w(s, 0).end())
> > > > > > > File "/usr/lib64/python2.7/json/decoder.py", line 382,
> in
> > > > > > raw_decode
> > > > > > > raise ValueError("No JSON object could be decoded")
> > > > > > > ValueError: No JSON object could be decoded
> > > > > > >
> > > > > > >
> > > > > > > Surprisingly, I now can't find that RPM of this SDK in
> > > > > > > resources.ovirt.org <http://resources.ovirt.org>
> > > > > > <http://resources.ovirt.org> now.
> > > > > > >
> > > > > > > I've tried
> > > > > > > with
> > > > > > http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
> fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
> 20161004gitf94eeb5.fc24.x86_64.rpm
> > > > > > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
> fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
> 20161004gitf94eeb5.fc24.x86_64.rpm>
> > > > > > >
> > > > > > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
> fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
> 20161004gitf94eeb5.fc24.x86_64.rpm
> > > > > > <http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/
> fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.
> 20161004gitf94eeb5.fc24.x86_64.rpm>>
> > > > > > >
> > > > > > > - same result.
> > > > > > >
> > > > > > > Did not see anything obvious on server or engine logs.
> > > > > > > The code:
> > > > > > > def add_dc4(api):
> > > > > > > nt.assert_true(api != None)
> > > > > > > dcs_service = api.system_service().data_
> centers_service()
> > > > > > > nt.assert_true(
> > > > > > > dc = dcs_service.add(
> > > > > > > sdk4.types.DataCenter(
> > > > > > > name=DC_NAME4,
> > > > > > > description='APIv4 DC',
> > > > > > > local=False,
> > > > > > >
> > > > > > > version=sdk4.types.Version(major=DC_VER_MAJ,minor=DC_VER_
> MIN),
> > > > > > > ),
> > > > > > > )
> > > > > > > )
> > > > > > >
> > > > > > >
> > > > > > > And the api object is from:
> > > > > > > return sdk4.Connection(
> > > > > > > url=url,
> > > > > > > username=constants.ENGINE_USER,
> > > > > > >
> > > > > > password=str(self.metadata['ovirt-engine-password']),
> > > > > > > insecure=True,
> > > > > > > debug=True,
> > > > > > > )
> > > > > > >
> > > > > > >
> > > > > > > The clue is actually on the HTTPd logs:
> > > > > > > 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] "POST
> > > > > > > /ovirt-engine/sso/oauth/token HTTP/1.1" 404 74
> > > > > > >
> > > > > > > And indeed, from the deubg log:
> > > > > > > begin captured logging << --------------------\n
> > > > > > > root: DEBUG: Trying 192.168.203.3...\n
> > > > > > > root: DEBUG: Connected to 192.168.203.3 (192.168.203.3) port
> 443
> > > > > > (#0)\n
> > > > > > > root: DEBUG: Initializing NSS with certpath:
> sql:/etc/pki/nssdb\n
> > > > > > > root: DEBUG: skipping SSL peer certificate verification\n
> > > > > > > root: DEBUG: ALPN/NPN, server did not agree to a protocol\n
> > > > > > > root: DEBUG: SSL connection using
> > > > > > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n
> > > > > > > root: DEBUG: Server certificate:\n
> > > > > > > root: DEBUG: subject: CN=engine,O=Test,C=US\n
> > > > > > > root: DEBUG: start date: Oct 11 21:55:29 2016 GMT\n
> > > > > > > root: DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n
> > > > > > > root: DEBUG: common name: engine\nroot: DEBUG: issuer:
> > > > > > > CN=engine.38998,O=Test,C=US\n
> > > > > > > *root: DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n*
> > > > > > > *root: DEBUG: Host: 192.168.203.3\n*
> > > > > > > *root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n*
> > > > > > > *root: DEBUG: Accept: application/json\n*
> > > > > > > *root: DEBUG: Content-Length: 78\n*
> > > > > > > *root: DEBUG: Content-Type: application/x-www-form-
> urlencoded\nroot:
> > > > > > > DEBUG:
> > > > > > >
> > > > > > username=admin%40internal&scope=ovirt-app-api&password=
> 123&grant_type=password\n*
> > > > > > > *root: DEBUG: upload completely sent off: 78 out of 78
> bytes\n*
> > > > > > > *root: DEBUG: HTTP/1.1 404 Not Found\n*
> > > > > > > *root: DEBUG: Date: Wed, 12 Oct 2016 21:56:27 GMT\n*
> > > > > > > *root: DEBUG: Server: Apache/2.4.6 (CentOS)
> OpenSSL/1.0.1e-fips\n*
> > > > > > > *root: DEBUG: Content-Length: 74\n*
> > > > > > > *root: DEBUG: Content-Type: text/html; charset=UTF-8\n*
> > > > > > > *root: DEBUG: \n*
> > > > > > > *root: DEBUG: <html><head><title>Error</title></head><body>404
> - Not
> > > > > > > Found</body></html>\n*
> > > > > > > root: DEBUG: Connection #0 to host 192.168.203.3 left intact\n
> > > > > > > --------------------- >> end captured logging
> > > > > > >
> > > > > >
> > > > > > That definitively looks like version 3 of the engine. Either
> that or
> > > > > > version 4 of the engine with web server configuration modified
> so that
> > > > > > the SSO doesn't work as expected.
> > > > > >
> > > > > > What do you get if you run this against that server?
> > > > > >
> > > > > >
> > > > > > Attached.
> > > > > > Y.
> > > > > >
> > > > >
> > > > > OK, that is version 4.1 of the engine, so next question is why the SSO
> > > > > service is not responding. Do you see any message in
> > > > > /var/log/ovirt-engine/server.log about "enginesso.war" not being
> > > > > deployed? Did you do any modification to the
> > > > > /etc/httpd/conf.d/z-ovirt-engine.conf file?
> > > > >
> > > > > Ravi, Martin, any idea of why the SSO service may not be working?
> > > > >
> > > > > >
> > > > > >
> > > > > > curl \
> > > > > > --verbose \
> > > > > > --insecure \
> > > > > > --request GET \
> > > > > > --user "admin@internal:yourpassword" \
> > > > > > --header "Version: 4" \
> > > > > > --header "Accept: application/xml" \
> > > > > > "https://thatserver/ovirt-engine/api
> > > > > > <https://thatserver/ovirt-engine/api>"
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
> > > > > 3 ºD, 28016 Madrid, Spain
> > > > > Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat
> S.L.
> > > >
> > > >
> > >
> >
>
[Attachment #5 (text/html)]
<div dir="ltr"><div><div>Also can you please try following command to directly obtain \
token from SSO. Can replace engine with FQDN and IP to see if both work<br><br>curl \
-v -k -H "Accept: application/json" \
'https://<engine>:443/ovirt-engine/sso/oauth/token?grant_type=password&u \
sername=admin@internal&password=123&scope=ovirt-app-api'<br><br></div><div>You \
should see output similar to the one \
below<br><br>{"access_token":"K0sBa0D3rLtmNTdMJ-Q4FzOgCtGGY2cSFSCwbLkG9 \
4te9nDdmEzHSizsFaOeNMdwOziIv3l2-Uqm8bxWkMpwMA","scope":"ovirt-app-api \
ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search \
ovirt-ext=token-info:validate","exp":-381399824,"token_type": \
"bearer"}<br></div><div><br></div>Thanks<br><br></div>Ravi<br></div><div \
class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 14, 2016 at 4:00 PM, \
Yaniv Kaul <span dir="ltr"><<a href="mailto:ykaul@redhat.com" \
target="_blank">ykaul@redhat.com</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><span class=""><p dir="ltr"></p> <p dir="ltr">On Oct 14, 2016 \
7:13 PM, "Ravi Nori" <<a href="mailto:rnori@redhat.com" \
target="_blank">rnori@redhat.com</a>> wrote:<br> ><br>
> SSO configuration looks good. <br>
><br>
> Can you please share any additional httpd configuration in /etc/httpd/conf.d. \
Anything to do with LocationMatch for ovirt-engine urls.</p> </span><p dir="ltr">This \
is a standard ovirt-system-tests on Lago installation, nothing out of the ordinary, \
but I'll check. <br><span class="HOEnZb"><font color="#888888"> Y. \
</font></span></p><div class="HOEnZb"><div class="h5"> <p dir="ltr">><br>
> On Fri, Oct 14, 2016 at 12:52 PM, Yaniv Kaul <<a \
href="mailto:ykaul@redhat.com" target="_blank">ykaul@redhat.com</a>> wrote:<br> \
>><br> >><br>
>><br>
>> On Fri, Oct 14, 2016 at 3:50 PM, Ravi Nori <<a \
href="mailto:rnori@redhat.com" target="_blank">rnori@redhat.com</a>> wrote:<br> \
>>><br> >>> Hi Yaniv,<br>
>>><br>
>>> Can you check the output of \
https:://<engine>/ovirt-<wbr>engine/sso/status in your browser and see if the \
SSO service is active.<br> >>><br>
>>> If SSO is deployed, you should see an output similar to the one below. \
Also are you able to login to webadmin using the browser? <br> >><br>
>><br>
>> I am able to login using the webui.<br>
>> <br>
>>><br>
>>><br>
>>> {"status_description":"SSO Webapp \
Deployed","version":"0","<wbr>status":"active"}<br>
>><br>
>><br>
>> Indeed:<br>
>> {"status_description":"SSO Webapp \
Deployed","version":"0","<wbr>status":"active"}<br>
>><br>
>> (not sure what 'version 0' means?)<br>
>> <br>
>>><br>
>>><br>
>>> Please share the content of \
/etc/ovirt-engine/engine.conf.<wbr>d/11-setup-sso.conf<br> >><br>
>><br>
>> [root@lago-basic-suite-master-<wbr>engine ~]# cat \
/etc/ovirt-engine/engine.conf.<wbr>d/11-setup-sso.conf<br> >> \
ENGINE_SSO_CLIENT_ID="ovirt-<wbr>engine-core"<br> >> \
ENGINE_SSO_CLIENT_SECRET="<wbr>bsOabtD7gE2McwLe80P109UV800XLx<wbr>4O"<br> \
>> ENGINE_SSO_AUTH_URL="https://$<wbr>{ENGINE_FQDN}:443/ovirt-<wbr>engine/sso"<br>
>> ENGINE_SSO_SERVICE_URL="<a \
href="https://localhost:443/ovirt-engine/sso" \
target="_blank">https:<wbr>//localhost:443/ovirt-engine/<wbr>sso</a>"<br> \
>> ENGINE_SSO_SERVICE_SSL_VERIFY_<wbr>HOST=false<br> >> \
ENGINE_SSO_SERVICE_SSL_VERIFY_<wbr>CHAIN=true<br> >> \
SSO_ALTERNATE_ENGINE_FQDNS=""<br> >> \
SSO_ENGINE_URL="https://${<wbr>ENGINE_FQDN}:443/ovirt-engine/<wbr>"<br> \
>><br> >><br>
>> Thanks,<br>
>> Y.<br>
>><br>
>> <br>
>>><br>
>>><br>
>>> Thanks<br>
>>><br>
>>> Ravi<br>
>>><br>
>>><br>
>>><br>
>>><br>
>>><br>
>>> On Fri, Oct 14, 2016 at 7:57 AM, Juan Hernández <<a \
href="mailto:jhernand@redhat.com" target="_blank">jhernand@redhat.com</a>> \
wrote:<br> >>>><br>
>>>> On 10/14/2016 01:45 PM, Yaniv Kaul wrote:<br>
>>>> ><br>
>>>> ><br>
>>>> > On Thu, Oct 13, 2016 at 11:13 AM, Juan Hernández <<a \
href="mailto:jhernand@redhat.com" target="_blank">jhernand@redhat.com</a><br> \
>>>> > <mailto:<a href="mailto:jhernand@redhat.com" \
target="_blank">jhernand@redhat.com</a>>> wrote:<br> >>>> ><br>
>>>> > On 10/13/2016 12:04 AM, Yaniv Kaul wrote:<br>
>>>> > > On Fri, Oct 7, 2016 at 10:44 PM, Yaniv Kaul <<a \
href="mailto:ykaul@redhat.com" target="_blank">ykaul@redhat.com</a> <mailto:<a \
href="mailto:ykaul@redhat.com" target="_blank">ykaul@redhat.com</a>><br> \
>>>> > > <mailto:<a href="mailto:ykaul@redhat.com" \
target="_blank">ykaul@redhat.com</a> <mailto:<a href="mailto:ykaul@redhat.com" \
target="_blank">ykaul@redhat.com</a>>>> wrote:<br> >>>> > \
><br> >>>> > > I'm trying on FC24, using<br>
>>>> > ><br>
>>>> > \
python-ovirt-engine-sdk4-4.1.<wbr>0-0.0.20161003git056315d.fc24.<wbr>x86_64 to<br> \
>>>> > > add a DC, and failing - against master. The \
client is unhappy:<br> >>>> > > File<br>
>>>> > ><br>
>>>> > \
"/home/ykaul/ovirt-system-<wbr>tests/basic-suite-master/test-<wbr>scenarios/002_bootstrap.py",<br>
>>>> > > line 98, in add_dc4<br>
>>>> > > \
version=sdk4.types.Version(<wbr>major=DC_VER_MAJ,minor=DC_VER_<wbr>MIN),<br> \
>>>> > > File \
"/usr/lib64/python2.7/site-<wbr>packages/ovirtsdk4/services.<wbr>py",<br> \
>>>> > > line 4347, in add<br> >>>> > \
> response = self._connection.send(request)<br> >>>> > \
> File "/usr/lib64/python2.7/site-<wbr>packages/ovirtsdk4/__init__.<wbr>py",<br>
>>>> > > line 276, in send<br>
>>>> > > return self.__send(request)<br>
>>>> > > File \
"/usr/lib64/python2.7/site-<wbr>packages/ovirtsdk4/__init__.<wbr>py",<br> \
>>>> > > line 298, in __send<br> >>>> \
> > self._sso_token = self._get_access_token()<br> \
>>>> > > File \
"/usr/lib64/python2.7/site-<wbr>packages/ovirtsdk4/__init__.<wbr>py",<br> \
>>>> > > line 460, in _get_access_token<br> \
>>>> > > sso_response = \
self._get_sso_response(self._<wbr>sso_url,<br> >>>> > \
post_data)<br> >>>> > > File \
"/usr/lib64/python2.7/site-<wbr>packages/ovirtsdk4/__init__.<wbr>py",<br> \
>>>> > > line 498, in _get_sso_response<br> \
>>>> > > return \
json.loads(body_buf.getvalue()<wbr>.decode('utf-8'))<br> >>>> \
> > File \
"/usr/lib64/python2.7/json/__<wbr>init__.py", line 339, in loads<br> \
>>>> > > return _default_decoder.decode(s)<br> \
>>>> > > File \
"/usr/lib64/python2.7/json/<wbr>decoder.py", line 364, in decode<br> \
>>>> > > obj, end = self.raw_decode(s, \
idx=_w(s, 0).end())<br> >>>> > > File \
"/usr/lib64/python2.7/json/<wbr>decoder.py", line 382, in<br> \
>>>> > raw_decode<br> >>>> > > \
raise ValueError("No JSON object could be decoded")<br> >>>> \
> > ValueError: No JSON object could be decoded<br> \
>>>> > ><br> >>>> > ><br>
>>>> > > Surprisingly, I now can't find that RPM \
of this SDK in<br> >>>> > > <a \
href="http://resources.ovirt.org" target="_blank">resources.ovirt.org</a> <<a \
href="http://resources.ovirt.org" \
target="_blank">http://resources.ovirt.org</a>><br> >>>> > \
<<a href="http://resources.ovirt.org" \
target="_blank">http://resources.ovirt.org</a>> now.<br> >>>> > \
><br> >>>> > > I've tried<br>
>>>> > > with<br>
>>>> > <a \
href="http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm" \
target="_blank">http://resources.ovirt.org/<wbr>pub/ovirt-master-snapshot/rpm/<wbr>fc2 \
4/x86_64/python-ovirt-<wbr>engine-sdk4-4.0.0-0.1.<wbr>20161004gitf94eeb5.fc24.x86_<wbr>64.rpm</a><br>
>>>> > <<a \
href="http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm" \
target="_blank">http://resources.ovirt.org/<wbr>pub/ovirt-master-snapshot/rpm/<wbr>fc2 \
4/x86_64/python-ovirt-<wbr>engine-sdk4-4.0.0-0.1.<wbr>20161004gitf94eeb5.fc24.x86_<wbr>64.rpm</a>><br>
>>>> > ><br>
>>>> > <<a \
href="http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm" \
target="_blank">http://resources.ovirt.org/<wbr>pub/ovirt-master-snapshot/rpm/<wbr>fc2 \
4/x86_64/python-ovirt-<wbr>engine-sdk4-4.0.0-0.1.<wbr>20161004gitf94eeb5.fc24.x86_<wbr>64.rpm</a><br>
>>>> > <<a \
href="http://resources.ovirt.org/pub/ovirt-master-snapshot/rpm/fc24/x86_64/python-ovirt-engine-sdk4-4.0.0-0.1.20161004gitf94eeb5.fc24.x86_64.rpm" \
target="_blank">http://resources.ovirt.org/<wbr>pub/ovirt-master-snapshot/rpm/<wbr>fc2 \
4/x86_64/python-ovirt-<wbr>engine-sdk4-4.0.0-0.1.<wbr>20161004gitf94eeb5.fc24.x86_<wbr>64.rpm</a>>><br>
>>>> > ><br>
>>>> > > - same result.<br>
>>>> > ><br>
>>>> > > Did not see anything obvious on server or \
engine logs.<br> >>>> > > The code:<br>
>>>> > > def add_dc4(api):<br>
>>>> > > nt.assert_true(api != None)<br>
>>>> > > dcs_service = \
api.system_service().data_<wbr>centers_service()<br> >>>> > \
> nt.assert_true(<br> >>>> > > \
dc = dcs_service.add(<br> >>>> > > \
sdk4.types.DataCenter(<br> >>>> > > \
name=DC_NAME4,<br> >>>> > > \
description='APIv4 DC',<br> >>>> > > \
local=False,<br> >>>> > ><br>
>>>> > > \
version=sdk4.types.Version(<wbr>major=DC_VER_MAJ,minor=DC_VER_<wbr>MIN),<br> \
>>>> > > ),<br> >>>> \
> > )<br> >>>> > > \
)<br> >>>> > ><br>
>>>> > ><br>
>>>> > > And the api object is from:<br>
>>>> > > return \
sdk4.Connection(<br> >>>> > > \
url=url,<br> >>>> > > \
username=constants.ENGINE_<wbr>USER,<br> >>>> > ><br>
>>>> > \
password=str(self.metadata['<wbr>ovirt-engine-password']),<br> \
>>>> > > insecure=True,<br> \
>>>> > > debug=True,<br> \
>>>> > > )<br> >>>> \
> ><br> >>>> > ><br>
>>>> > > The clue is actually on the HTTPd logs:<br>
>>>> > > 192.168.203.1 - - [12/Oct/2016:17:56:27 -0400] \
"POST<br> >>>> > > /ovirt-engine/sso/oauth/token \
HTTP/1.1" 404 74<br> >>>> > ><br>
>>>> > > And indeed, from the deubg log:<br>
>>>> > > begin captured logging << \
--------------------\n<br> >>>> > > root: DEBUG: Trying \
192.168.203.3...\n<br> >>>> > > root: DEBUG: Connected to \
192.168.203.3 (192.168.203.3) port 443<br> >>>> > (#0)\n<br>
>>>> > > root: DEBUG: Initializing NSS with certpath: \
sql:/etc/pki/nssdb\n<br> >>>> > > root: DEBUG: skipping SSL \
peer certificate verification\n<br> >>>> > > root: DEBUG: \
ALPN/NPN, server did not agree to a protocol\n<br> >>>> > > \
root: DEBUG: SSL connection using<br> >>>> > \
TLS_ECDHE_RSA_WITH_AES_128_<wbr>GCM_SHA256\n<br> >>>> > > \
root: DEBUG: Server certificate:\n<br> >>>> > > root: DEBUG: \
subject: CN=engine,O=Test,C=US\n<br> >>>> > > root: DEBUG: \
start date: Oct 11 21:55:29 2016 GMT\n<br> >>>> > > root: \
DEBUG: expire date: Sep 16 21:55:29 2021 GMT\n<br> >>>> > > \
root: DEBUG: common name: engine\nroot: DEBUG: issuer:<br> >>>> > \
> CN=engine.38998,O=Test,C=US\n<br> >>>> > > *root: \
DEBUG: POST /ovirt-engine/sso/oauth/token HTTP/1.1\n*<br> >>>> > \
> *root: DEBUG: Host: 192.168.203.3\n*<br> >>>> > > \
*root: DEBUG: User-Agent: PythonSDK/4.1.0a0\n*<br> >>>> > > \
*root: DEBUG: Accept: application/json\n*<br> >>>> > > \
*root: DEBUG: Content-Length: 78\n*<br> >>>> > > *root: \
DEBUG: Content-Type: application/x-www-form-<wbr>urlencoded\nroot:<br> \
>>>> > > DEBUG:<br> >>>> > ><br>
>>>> > \
username=admin%40internal&<wbr>scope=ovirt-app-api&password=<wbr>123&grant_type=password\n*<br>
>>>> > > *root: DEBUG: upload completely sent off: 78 out \
of 78 bytes\n*<br> >>>> > > *root: DEBUG: HTTP/1.1 404 Not \
Found\n*<br> >>>> > > *root: DEBUG: Date: Wed, 12 Oct 2016 \
21:56:27 GMT\n*<br> >>>> > > *root: DEBUG: Server: \
Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips\n*<br> >>>> > > \
*root: DEBUG: Content-Length: 74\n*<br> >>>> > > *root: \
DEBUG: Content-Type: text/html; charset=UTF-8\n*<br> >>>> > \
> *root: DEBUG: \n*<br> >>>> > > *root: DEBUG: \
<html><head><title>Error</<wbr>title></head><body>404 \
- Not<br> >>>> > > Found</body></html>\n*<br>
>>>> > > root: DEBUG: Connection #0 to host 192.168.203.3 \
left intact\n<br> >>>> > > --------------------- >> \
end captured logging<br> >>>> > ><br>
>>>> ><br>
>>>> > That definitively looks like version 3 of the engine. \
Either that or<br> >>>> > version 4 of the engine with web \
server configuration modified so that<br> >>>> > the SSO \
doesn't work as expected.<br> >>>> ><br>
>>>> > What do you get if you run this against that server?<br>
>>>> ><br>
>>>> ><br>
>>>> > Attached.<br>
>>>> > Y.<br>
>>>> ><br>
>>>><br>
>>>> OK, that is version 4.1 of the engine, so next question is why the \
SSO<br> >>>> service is not responding. Do you see any message in<br>
>>>> /var/log/ovirt-engine/server.<wbr>log about \
"enginesso.war" not being<br> >>>> deployed? Did you do any \
modification to the<br> >>>> /etc/httpd/conf.d/z-ovirt-<wbr>engine.conf \
file?<br> >>>><br>
>>>> Ravi, Martin, any idea of why the SSO service may not be \
working?<br> >>>><br>
>>>> ><br>
>>>> ><br>
>>>> > curl \<br>
>>>> > --verbose \<br>
>>>> > --insecure \<br>
>>>> > --request GET \<br>
>>>> > --user "admin@internal:yourpassword" \<br>
>>>> > --header "Version: 4" \<br>
>>>> > --header "Accept: application/xml" \<br>
>>>> > "<a href="https://thatserver/ovirt-engine/api" \
target="_blank">https://thatserver/ovirt-<wbr>engine/api</a><br> >>>> \
> <<a href="https://thatserver/ovirt-engine/api" \
target="_blank">https://thatserver/ovirt-<wbr>engine/api</a>>"<br> \
>>>> ><br> >>>><br>
>>>><br>
>>>> --<br>
>>>> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, \
planta<br> >>>> 3 ºD, 28016 Madrid, Spain<br>
>>>> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red \
Hat S.L.<br> >>><br>
>>><br>
>><br>
></p>
</div></div></blockquote></div><br></div>
_______________________________________________
Devel mailing list
Devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic