Bug 1276083
Summary: | jsessionid cookie does not work with /api, only with /ovirt-engine/api | ||
---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Christophe Fergeau <cfergeau> |
Component: | ovirt-engine | Assignee: | Juan Hernández <juan.hernandez> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 3.6.0 | CC: | amureini, cfergeau, ecohen, gklein, lsurette, oourfali, owwang, rbalakri, Rhev-m-bugs, yeylon |
Target Milestone: | ovirt-3.6.1 | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | infra | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-11-02 14:15:53 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Christophe Fergeau
2015-10-28 16:20:01 UTC
Juan, can you take a look? According to my tests both /api and /ovirt-engine/api handle the JSESSIONID cookie correctly. May it be that you are using /ovirt-engine/api to get some information and then /api to request the .vv file? If you are doing that then it won't work, as the cookie obtained for /ovirt-engine/api isn't valid for /api (and the other way around). Please use the following script to verify that cookies work correctly, and report the results: ---8<--- #!/bin/sh -ex url="https://engine.example.com/api" user="admin@internal" password="..." cookies="cookies.txt" vm_id="..." console_id="5350494345" # Request the base URL, so that we get a cookie: curl \ --verbose \ --cacert /etc/pki/ovirt-engine/ca.pem \ --request GET \ --user "${user}:${password}" \ --cookie "${cookies}" \ --cookie-jar "${cookies}" \ --header "Accept: application/xml" \ --header "Prefer: persistent-auth" \ "${url}" # Request the .vv file for the VM, without providing credentials, this should # work as we already have the cookies: curl \ --verbose \ --cacert /etc/pki/ovirt-engine/ca.pem \ --request GET \ --cookie "${cookies}" \ --cookie-jar "${cookies}" \ --header "Accept: application/x-virt-viewer" \ --header "Prefer: persistent-auth" \ "${url}/vms/${vm_id}/graphicsconsoles/${console_id} --->8--- Make sure to use the right credentials and "vm_id". Take into account that the output of this script will contain your password, inside the "Authentication" header, so you may want to edit it before sharing. (In reply to Juan Hernández from comment #2) > According to my tests both /api and /ovirt-engine/api handle the JSESSIONID > cookie correctly. May it be that you are using /ovirt-engine/api to get some > information and then /api to request the .vv file? If you are doing that > then it won't work, as the cookie obtained for /ovirt-engine/api isn't valid > for /api (and the other way around). Oh, this is most likely the issue I'm having. For these tests, I've been trying to use the jsessionid I get from a .vv file. On RHEL6, libgovirt will try to use ovirt.example.com/api, on RHEL7 libgovirt will use ovirt.example.com/ovirt-engine/api. .vv files only list one jsessionid, so I guess this mandates the use of /ovirt-engine/api to use the REST API in this context. > Please use the following script to verify that cookies work correctly, and > report the results: > > ---8<--- > #!/bin/sh -ex > > url="https://engine.example.com/api" > user="admin@internal" > password="..." > cookies="cookies.txt" > vm_id="..." > console_id="5350494345" > > # Request the base URL, so that we get a cookie: > curl \ > --verbose \ > --cacert /etc/pki/ovirt-engine/ca.pem \ > --request GET \ > --user "${user}:${password}" \ > --cookie "${cookies}" \ > --cookie-jar "${cookies}" \ > --header "Accept: application/xml" \ > --header "Prefer: persistent-auth" \ > "${url}" > > # Request the .vv file for the VM, without providing credentials, this should > # work as we already have the cookies: > curl \ > --verbose \ > --cacert /etc/pki/ovirt-engine/ca.pem \ > --request GET \ > --cookie "${cookies}" \ > --cookie-jar "${cookies}" \ > --header "Accept: application/x-virt-viewer" \ > --header "Prefer: persistent-auth" \ > "${url}/vms/${vm_id}/graphicsconsoles/${console_id} > --->8--- > Yes, this script works for me (did not look in details, but I'm getting a HTTP/1.1 204 No Content which answer, which probably occurs _after_ auth succeeded). Yes, the 204 code indicates that the .vv file can't be generated, probably because the VM is down or it isn't using SPICE (the console id "350494345" corresponds to SPICE), but that happens after authentication. I'm closing as NOTABUG. If you find additional related issues feel free to reopen. |