Bug 1358160

Summary: Dashboard show zeros. reports-interface-proxy doesn't trust externally-issued web certificate in spite of issuer being in system (and java) trust store
Product: [oVirt] ovirt-engine Reporter: Konstantin <miac.romanov>
Component: Backend.CoreAssignee: Alexander Wels <awels>
Status: CLOSED CURRENTRELEASE QA Contact: meital avital <mavital>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.0.1CC: awels, bugs, lsvaty, miac.romanov, mperina, nicolas, pstehlik, sbonazzo
Target Milestone: ovirt-4.0.2Flags: rule-engine: ovirt-4.0.z+
rule-engine: exception+
rule-engine: planning_ack+
rule-engine: devel_ack+
lsvaty: testing_ack+
Target Release: 4.0.2.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-08-18 06:27:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: UX RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Konstantin 2016-07-20 08:14:52 UTC 
Description of problem:
reports-interface-proxy doesn't trust externally-issued web certificate in spite of issuer being in system (and java) trust store
Dashboard show only historical data

Version-Release number of selected component (if applicable):
4.0.1

How reproducible:
always

Steps to Reproduce:
1. get certificate for mod_ssl from external CA
2. add the external CA that signed the mod_ssl certificate to the trust store (trust add /path/to/CA.crt or cp /path/to/CA.crt /etc/pki/ca-trust/source/anchors/ && update-ca-trust)
3. make recomeded steps from https://bugzilla.redhat.com/show_bug.cgi?id=1336838
4. Login to Administration portal

Actual results:
Dashboard show 0 in usage params
Log file contains:
2016-07-20 09:03:26,834 ERROR [io.undertow.request] (default task-25) UT005023: Exception handling request to /ovirt-engine/services/reports-interface-proxy: javax.servlet.ServletException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at org.ovirt.engine.core.uutils.servlet.ProxyServletBase.doGet(ProxyServletBase.java:163) [uutils.jar:]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
....


Expected results:
Dashboard show correct data

Additional info:
Comment 1 Martin Perina 2016-07-21 09:17:53 UTC 
Hi Konstantin,
we have a fix for the certificate issue, but the root cause of this issue is different: we have removed reports from 4.0, so during upgrade from 3.6 to 4.0 all reports related configuration should be removed. It's obvious we have a bug here, so could you please try to execute following commands which should reveal us leftovers from reports configuration?

  cd /etc/ovirt-engine/engine.conf.d
  grep ENGINE_REPORTS_BASE_URL . -r

Thanks.
Comment 2 Konstantin 2016-07-21 11:44:54 UTC 
Hi, 
this is result:

./10-setup-reports-access.conf:ENGINE_REPORTS_BASE_URL=https://ovirt-dwh.DOMAIN:443/ovirt-engine-reports
./10-setup-reports-access.conf:ENGINE_REPORTS_DASHBOARD_URL=${ENGINE_REPORTS_BASE_URL}/flow.html?_flowId=viewReportFlow&viewAsDashboardFrame=true
./10-setup-reports-access.conf:ENGINE_REPORTS_RIGHTCLICK_URL=${ENGINE_REPORTS_BASE_URL}/flow.html?_flowId=viewReportFlow
./10-setup-reports-access.conf:ENGINE_REPORTS_PROXY_URL=${ENGINE_REPORTS_BASE_URL}/ovirt/reports-interface

I must remove this settings?
Comment 3 Martin Perina 2016-07-21 12:00:43 UTC 
Could you please try to remove 10-setup-reports-access.conf (please do a backup of the file just to be sure) and restart ovirt-engine service? It should fix your issue ...
Comment 4 Konstantin 2016-07-21 12:29:55 UTC 
Something changed. 
No error in log file, but dashboard show incorrect data.
Usage of CPU, Memory and Storage 0.

Screenshot https://postimg.org/image/ukcf1lj0x/
Comment 5 Alexander Wels 2016-07-21 12:32:07 UTC 
Is the DWH service still running, that looks like there is no data in the database for the last few hours.
Comment 6 Konstantin 2016-07-21 13:08:07 UTC 
It's running on separate host.
It was problem with time. 
After adjusting system time problem is gone.
Thank you for help!
Comment 7 Martin Perina 2016-07-21 13:23:28 UTC 
Have you removed 10-setup-reports-access.conf? Or have it started to work just after time sync?
Comment 8 Konstantin 2016-07-21 13:54:14 UTC 
Yes i removed 10-setup-reports-access.conf, after that errors like "UT005023: Exception handling request to /ovirt-engine/services/reports-interface-proxy" no longer appear.
And then I sync time on DWH server to get correct current statistics.
Comment 9 Pavel Stehlik 2016-08-18 06:27:59 UTC 
Closing due to resources, if still happens please reopen.