Bug 1018111

Summary:

https redirection broken

Product:

Red Hat Enterprise Virtualization Manager

Reporter:

Jiri Belka <jbelka>

Component:

ovirt-engine-webadmin-portal

Assignee:

Juan Hernández <juan.hernandez>

Status:

CLOSED CURRENTRELEASE

QA Contact:

Jiri Belka <jbelka>

Severity:

urgent

Docs Contact:

Priority:

urgent

Version:

3.3.0

CC:

acathrow, ecohen, gickowic, iheim, juan.hernandez, myamamot, obasan, pnovotny, Rhev-m-bugs, yeylon

Target Milestone:

---

Keywords:

Regression, Triaged

Target Release:

3.3.0

Hardware:

Unspecified

OS:

Unspecified

Whiteboard:

Fixed In Version:

is22

Doc Type:

Bug Fix

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2014-01-21 22:19:32 UTC

Type:

Bug

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Bug Depends On:

1018365

Bug Blocks:

1032811

Attachments:

Description	Flags
httpd logs	none
engine.log,server.log	none

Description Jiri Belka 2013-10-11 09:16:19 UTC

Description of problem:

HTTPS is broken, instead of Admin Portal I see:

-%-
JBWEB000065: HTTP Status 403 -

JBWEB000309: type JBWEB000067: Status report

JBWEB000068: message

JBWEB000069: description JBWEB000123: Access to the specified resource has been forbidden.
JBoss Web/7.2.2.Final-redhat-1
-%-

Changing URL to have 'https' instead of 'http' makes it working again.

access.log for FF from RHEL6.4
-%-
10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET / HTTP/1.1" 302 364 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine/ HTTP/1.1" 200 6965 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme/00-ovirt.brand/welcome_style.css HTTP/1.1" 200 662 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/welcome_style.css HTTP/1.1" 200 472 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine/splash.js HTTP/1.1" 200 864 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme-resource/favicon HTTP/1.1" 200 318 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/bg_main.gif HTTP/1.1" 200 1395 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine-theme/50-rhev-1.brand/welcome_style.css" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/logo_redhat.gif HTTP/1.1" 200 2341 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine-theme/50-rhev-1.brand/welcome_style.css" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/header_right.jpg HTTP/1.1" 200 23647 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine-theme/50-rhev-1.brand/welcome_style.css" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/bg_head.gif HTTP/1.1" 200 57 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine-theme/50-rhev-1.brand/welcome_style.css" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:13:46 +0200] "GET /ovirt-engine-theme/00-ovirt.brand/images/triangle_down_gray.gif HTTP/1.1" 200 821 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine-theme/00-ovirt.brand/welcome_style.css" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:14:03 +0200] "GET /webadmin/webadmin/WebAdmin.html?locale=en_US HTTP/1.1" 403 431 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:14:03 +0200] "GET /favicon.ico HTTP/1.1" 404 333 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
10.34.131.48 - - [11/Oct/2013:11:14:03 +0200] "GET /favicon.ico HTTP/1.1" 404 333 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130912 Firefox/17.0"
-%-

access.log for IE from W7 64bit
-%-
10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET / HTTP/1.1" 302 364 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine/ HTTP/1.1" 200 6965 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine-theme/00-ovirt.brand/welcome_style.css HTTP/1.1" 304 - "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/welcome_style.css HTTP/1.1" 304 - "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine-theme/00-ovirt.brand/images/triangle_down_gray.gif HTTP/1.1" 304 - "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/header_right.jpg HTTP/1.1" 304 - "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/bg_main.gif HTTP/1.1" 304 - "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/logo_redhat.gif HTTP/1.1" 304 - "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.34.61.158 - - [11/Oct/2013:11:15:10 +0200] "GET /ovirt-engine-theme/50-rhev-1.brand/images/welcome/bg_head.gif HTTP/1.1" 304 - "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
10.34.61.158 - - [11/Oct/2013:11:15:12 +0200] "GET /webadmin/webadmin/WebAdmin.html?locale=en_US HTTP/1.1" 403 431 "http://jb-rh33.rhev.lab.eng.brq.redhat.com/ovirt-engine/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
-%-

No sure if this helps...

-%-
# diff -uNp /etc/httpd/conf.d/z-ovirt-engine-proxy.con{f,f.*}
--- /etc/httpd/conf.d/z-ovirt-engine-proxy.conf 2013-10-09 17:44:54.416147990 +0200
+++ /etc/httpd/conf.d/z-ovirt-engine-proxy.conf.20131009174454  2013-10-09 17:36:18.161427000 +0200
@@ -41,7 +41,7 @@
         ProxyPass ajp://127.0.0.1:8702/
     </Location>
 
-    <LocationMatch ^/(UserPortal($|/)|RHEVManagerWeb($|/)|OvirtEngineWeb($|/)|webadmin($|/)|docs($|/)|ovirt-engine-theme/|ovirt-engine-theme-resource/|ca.crt$|engine.ssh.key.txt$|rhevm.ssh.key.txt$|ovirt-engine-files/|ovirt-engine-attachment/|ovirt-engine-novnc-main.html$|ovirt-engine-spicehtml5-main.html$)>
+    <LocationMatch ^/(UserPortal($|/)|RHEVManagerWeb($|/)|OvirtEngineWeb($|/)|webadmin($|/)|docs($|/)|ovirt-engine-novnc/|ovirt-engine-novnc-main.html$|ovirt-engine-theme/|ovirt-engine-theme-resource/|ovirt-engine-spicehtml5/|ovirt-engine-spicehtml5-main.html$|spice/|ca.crt$|engine.ssh.key.txt$|rhevm.ssh.key.txt$|ovirt-engine-attachment/)>
         ProxyPassMatch ajp://127.0.0.1:8702
         <IfModule deflate_module>
             AddOutputFilterByType DEFLATE text/javascript text/css text/html text/xml text/json application/xml application/json application/x-yaml
-%-

Version-Release number of selected component (if applicable):
is18
rhevm-3.3.0-0.25.beta1.el6ev.noarch
jbossas-core-7.3.0-1.Final_redhat_6.1.ep6.el6.noarch (from JBEAP-6.2.0.ER3.1)

How reproducible:
100%

Steps to Reproduce:
0. cd ~ ; rm -rf .mozilla (just to be sure you have clean FF profile!)
1. http://$domain
2. check url if it contains https
3. click admin portal

Actual results:
access forbidden and not via https

Expected results:
https and see login screen for admin portal

Additional info:
same for user portal

Comment 1 Jiri Belka 2013-10-11 09:21:43 UTC

Created attachment 810935 [details]
httpd logs

Comment 2 Jiri Belka 2013-10-11 09:25:47 UTC

Created attachment 810936 [details]
engine.log,server.log

Comment 3 Jiri Belka 2013-10-11 09:43:44 UTC

It did work with jboss-as-server-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch but not anymore with jboss-as-version-7.3.0-2.Final_redhat_6.1.ep6.el6.noarch (according to pnovotny@).

Comment 4 Pavel Novotny 2013-10-11 10:32:30 UTC

(In reply to Jiri Belka from comment #3)
> It did work with jboss-as-server-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch
> but not anymore with
> jboss-as-version-7.3.0-2.Final_redhat_6.1.ep6.el6.noarch (according to
> pnovotny@).

Yes, confirming that after manual update of jboss\* from 7.2.1 to 7.3.0 the redirecting to HTTPS broke.

Comment 5 Itamar Heim 2013-10-11 13:59:52 UTC

*** Bug 1017744 has been marked as a duplicate of this bug. ***

Comment 6 Itamar Heim 2013-10-11 14:01:58 UTC

we need to know if new jboss will break existing 3.1/3.2 customers as well, or its a 3.3 issue only, and the reason for breakage

Comment 7 Juan Hernández 2013-10-11 19:05:41 UTC

I verified this with the latest EAP 6.2.0 ER5.1 repository. The problem is that the "redirect-port" attribute of the AJP connector stopped working. It did work with EAP 6.1.0. It will affect 3.1 and 3.2 customers as well.

I opened bug 1018365 for EAP as I think it is a general EAP issue.

Comment 8 Juan Hernández 2013-10-16 09:37:49 UTC

The EAP bug has been moved to MODIFIED and will be included in ER7, so I guess this should be moved to MODIFIED as well. Jiri, please remember to move it to ON_QA when you start testing with ER7.

Comment 9 Jiri Belka 2013-10-16 11:06:09 UTC

Could anybody then please raise publicly what should be *next* jboss version to test with 3.3 RHEVM? Till now we were using 6.2.0.ER3.1. So it is not missed by anybody :)

Comment 10 Juan Hernández 2013-10-16 14:21:07 UTC

In my opinion it should be ER7, as soon as it becomes available.

Comment 11 Einav Cohen 2013-11-07 14:51:04 UTC

is22 is to be tested with ER7, in which bug 1018365 (JBoss) has been solved.

Comment 12 Jiri Belka 2013-11-08 15:21:49 UTC

ok, is22.

Comment 13 Itamar Heim 2014-01-21 22:19:32 UTC

Closing - RHEV 3.3 Released

Comment 14 Itamar Heim 2014-01-21 22:25:40 UTC

Closing - RHEV 3.3 Released