Bug 1325746
| Summary: | [RFE] - Provide option to access engine not only by engine FQDN but also using alternate host names | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [oVirt] ovirt-engine | Reporter: | Michael Burman <mburman> | ||||
| Component: | BLL.Infra | Assignee: | Ravi Nori <rnori> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Petr Kubica <pkubica> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 4.0.0 | CC: | bugs, dmoessne, gscott, lbopf, lsvaty, mperina, mwest, nicolas, sbonazzo, sigbjorn, ylavi | ||||
| Target Milestone: | ovirt-4.0.4 | Keywords: | FutureFeature | ||||
| Target Release: | 4.0.4 | Flags: | rule-engine:
ovirt-4.0.z+
pkubica: testing_plan_complete+ ykaul: planning_ack+ mperina: devel_ack+ lsvaty: testing_ack+ |
||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: |
Engine can be accessed using alternate host names (or IP addresses) that can configured by adding a new configuration file (for example /etc/ovirt-engine/engine.conf.d/99-custom-sso-setup.conf) with following content:
SSO_ALTERNATE_ENGINE_FQDNS="alias1.example.com alias2.example.com"
The list of alternate names has to be listed separated by spaces.
It's possible to add also IP addresses of engine host, but using IP addresses instead of DNS names is not considered to be a good practise.
|
Story Points: | --- | ||||
| Clone Of: | |||||||
| : | 1376329 (view as bug list) | Environment: | |||||
| Last Closed: | 2016-09-26 12:41:22 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1353093, 1376329, 1431721 | ||||||
| Attachments: |
|
||||||
Not sure it is an interesting use-case. However, might be annoying to some. Ravi - thoughts? Bug tickets must have version flags set prior to targeting them to a release. Please ask maintainer to set the correct version flags and only then set the target milestone. Well, everyone should be using only FQDN to access the engine and of course redirect URL validation is part of OAUTH spec. That's why we made this error message more understandable in https://gerrit.ovirt.org/54741 and only FQDN can be used to access engine. But isn't the redirection of the IP to the FQDN should work as well? Here's current flow after SSO introduction (Ravi please correct me if I miss anything): 1. You are accessing engine using IP address 2. You request is not authenticated, so you are redirected to SSO module using engine FQDN and login dialog is displayed 3. After you enter username and password, user authentication is executed 4. After user is authenticated successfully, client redirect URL is validated and here validation fails, because SSO module allows as a client service only FQDN of engine and not its IP address Moving from 4.0 alpha to 4.0 beta since 4.0 alpha has been already released and bug is not ON_QA. oVirt 4.0 beta has been released, moving to RC milestone. oVirt 4.0 beta has been released, moving to RC milestone. Retargeting not for 4.1, as we won't be able to finish that befor oVirt 4.0.0 GA. When merged to master, we can reconsider backporting to 4.0.z Verified in rhevm-4.0.4.1-0.1.el7ev.noarch *** Bug 1431262 has been marked as a duplicate of this bug. *** |
Created attachment 1145831 [details] engine logs Description of problem: [oVirt UI] - IP to FQDN redirection isn't working properly and UI isn't accessible when trying to enter first with IP. If trying to access the oVirt UI 4.0 using IP, it's redirecting to the FQDN, but after that it is just not possible to enter the UI. Only when i will enter the full FQDN in the browser i will able to log in the UI. Version-Release number of selected component (if applicable): 4.0.0-0.0.master.20160404161620.git4ffd5a4.el7.centos How reproducible: 100 Steps to Reproduce: 1. Try to enter the oVirt UI 4.0 using IP Actual results: Redirection to the FQDN just not working and we need to enter the FQDN in the browser if we want to log in the UI. Expected results: IP to FQDN should work properly. If i'm entering an IP in the browser it should redirect me to the FQDN and i should be able to log in to the UI.