Red Hat Bugzilla – Full Text Bug Listing
|Summary:||Align virt-viewer to engine SSO and remove proprietary HTTP session access|
|Product:||[oVirt] ovirt-engine||Reporter:||Alon Bar-Lev <alonbl>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:||sefi litmanovich <slitmano>|
|Version:||4.0.0||CC:||amarchuk, bgraveno, bugs, eedri, iheim, mbetak, mgoldboi, michal.skrivanek, oourfali, rnori, sbonazzo, sigbjorn, tjelinek, vszocs|
|Fixed In Version:||Doc Type:||Enhancement|
The Virt Viewers .vv file's 'versions=' row requires a remote-viewer that supports the 'sso-token=' row. The minimum versions are: - Windows (64-bit and 32-bit): 2.0-160 - Red Hat Enterprise Linux 7: 2.0-8 - Red Hat Enterprise Linux 6: No supporting sso-token planned.
|Last Closed:||2016-08-12 10:22:55 EDT||Type:||Bug|
|oVirt Team:||Virt||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:||1286696, 1324457, 1339247|
|Bug Blocks:||975730, 1092744|
Description Alon Bar-Lev 2015-11-26 15:50:28 EST
We had long discussion about this in bug#975730, gerrit and offline. It was a mistake to add non standard approach to hijack session, it was a mistake to alter another project to use something that is far from being an interface of product, but you implemented anyway. Now time to revert. Please open a bug that blocks this with virt-viewer to use the SSO token to access the restapi instead of using the http session. The usage of SSO token is specified here. In nut shell it is accessible by adding: Authorization: Bearer TOKEN TOKEN is available within application.  http://www.ovirt.org/Features/UniformSSOSupport
Comment 1 Alon Bar-Lev 2015-11-26 16:21:14 EST
BTW: adding the feature as ability to set any header within the .vv as I recommended, would have made it possible to migrate into the new setup without implication of virt-viewer. Unfortunately we need to revisit this one.
Comment 2 Red Hat Bugzilla Rules Engine 2015-11-27 01:05:36 EST
Target release should be placed once a package build is known to fix a issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for a oVirt release.
Comment 3 Michal Skrivanek 2015-11-27 04:36:54 EST
after initial investigation, please open follow up bugs on virt-viewer need to sync with https://gerrit.ovirt.org/#/c/49278/ and both Linux and Windows version of virt-viewer
Comment 5 Oved Ourfali 2016-03-11 02:14:35 EST
As we handle sessions differently, and if I understand the context correctly, this must be done in 4.0.
Comment 6 vszocs 2016-03-11 09:33:19 EST
(In reply to Oved Ourfali from comment #5) > As we handle sessions differently, and if I understand the context > correctly, this must be done in 4.0. AFAIK, in 4.0 the REST webapp will still support cookie-based server-side session mechanism . This is because there might be systems/tools still relying on this mechanism.  http://www.ovirt.org/develop/release-management/features/infra/restsessionmanagement/ Anyway, in 4.0 we'd like to align UI with SSO, dropping reliance on REST webapp session mechanism. This impacts UI plugins + virt-viewer (vv file) integration. See commit msg  for details on impacts of this change.  https://gerrit.ovirt.org/#/c/49278/ Once BZ#1286696 is fixed & verified we can proceed with  and close this BZ thereafter.
Comment 7 Sandro Bonazzola 2016-05-02 06:00:08 EDT
Moving from 4.0 alpha to 4.0 beta since 4.0 alpha has been already released and bug is not ON_QA.
Comment 8 vszocs 2016-05-17 08:07:13 EDT
Update: https://gerrit.ovirt.org/#/c/49278/ is now merged in master -> console.vv file now contains `sso-token`, replacing the `jsessionid`. BZ#1286696 is still on POST with rhel-7.2.z? flag (not approved yet).
Comment 9 Yaniv Lavi 2016-05-23 09:16:40 EDT
oVirt 4.0 beta has been released, moving to RC milestone.
Comment 10 Yaniv Lavi 2016-05-23 09:20:19 EDT
oVirt 4.0 beta has been released, moving to RC milestone.
Comment 11 Michal Skrivanek 2016-06-14 17:04:40 EDT
This _is_ broken as of now as far as I know. Martin?
Comment 12 Martin Betak 2016-06-15 07:33:33 EDT
@Vojtech: since the engine patch has been in for some time and both platform bugs BZ#1286696 and BZ#1339247 are now ON_QA is there anything else missing?
Comment 13 vszocs 2016-06-15 09:03:20 EDT
(In reply to Martin Betak from comment #12) > @Vojtech: since the engine patch has been in for some time and both platform > bugs BZ#1286696 and BZ#1339247 are now ON_QA is there anything else missing? BZ#1339247 is for Windows edition of virt-viewer (mingw-virt-viewer). BZ#1286696 is for RHEL 7.3 virt-viewer. BZ#1344635 is for RHEL 7.2 virt-viewer -> this is what we need in RHEV 4. I think there's one more thing to do: update Engine `RemoteViewerSupportedVersions` config value to reflect supported virt-viewer version, similar to what was done in patch https://gerrit.ovirt.org/#/c/56616/
Comment 14 Michal Skrivanek 2016-06-15 09:26:47 EDT
let's wait a bit until the virt-viewer hits the outside world...
Comment 15 Michal Skrivanek 2016-07-22 06:59:31 EDT
Moran, note there is no RHEL6 virt-viewer support (bug 1347656). So fixing this properly limits the console clients to RHEL7.2+ and Windows.
Comment 16 Moran Goldboim 2016-07-25 09:32:23 EDT
(In reply to Michal Skrivanek from comment #15) > Moran, note there is no RHEL6 virt-viewer support (bug 1347656). So fixing > this properly limits the console clients to RHEL7.2+ and Windows. ack on the change, let's make sure documentation is covering it well, specifically on the product requirements definitions.
Comment 20 sefi litmanovich 2016-08-11 11:13:32 EDT
Verified with rhevm-18.104.22.168-0.1.el7ev.noarch. The scope of this bz: version line in .vv file updated according to virt-viewer versions supporting sso-token. .vv file and engine-config contains the correct values. Verified that spice console doesn't open with rhel 6 client. Verified that spice console opens with rhel 7 with virt-viewer-2.0-11, windows 7 32 bit with 2.0-160 and windows 8 64 bit wiht 2.0-176.