Hide Forgot
Trying to connect to a VM through a .vv file to get foreign menu is not working with a recent RHEV 3.6 instance. I realized this is caused by the jsessionid cookie only allowing password-less access to /ovirt-engine/api, and not to /api. In RHEL 6.7, we are using /api (RHEL 7 is using /ovirt-engine/api), which explains why the foreign menu is not showing up.
Juan, can you take a look?
According to my tests both /api and /ovirt-engine/api handle the JSESSIONID cookie correctly. May it be that you are using /ovirt-engine/api to get some information and then /api to request the .vv file? If you are doing that then it won't work, as the cookie obtained for /ovirt-engine/api isn't valid for /api (and the other way around). Please use the following script to verify that cookies work correctly, and report the results: ---8<--- #!/bin/sh -ex url="https://engine.example.com/api" user="admin@internal" password="..." cookies="cookies.txt" vm_id="..." console_id="5350494345" # Request the base URL, so that we get a cookie: curl \ --verbose \ --cacert /etc/pki/ovirt-engine/ca.pem \ --request GET \ --user "${user}:${password}" \ --cookie "${cookies}" \ --cookie-jar "${cookies}" \ --header "Accept: application/xml" \ --header "Prefer: persistent-auth" \ "${url}" # Request the .vv file for the VM, without providing credentials, this should # work as we already have the cookies: curl \ --verbose \ --cacert /etc/pki/ovirt-engine/ca.pem \ --request GET \ --cookie "${cookies}" \ --cookie-jar "${cookies}" \ --header "Accept: application/x-virt-viewer" \ --header "Prefer: persistent-auth" \ "${url}/vms/${vm_id}/graphicsconsoles/${console_id} --->8--- Make sure to use the right credentials and "vm_id". Take into account that the output of this script will contain your password, inside the "Authentication" header, so you may want to edit it before sharing.
(In reply to Juan Hernández from comment #2) > According to my tests both /api and /ovirt-engine/api handle the JSESSIONID > cookie correctly. May it be that you are using /ovirt-engine/api to get some > information and then /api to request the .vv file? If you are doing that > then it won't work, as the cookie obtained for /ovirt-engine/api isn't valid > for /api (and the other way around). Oh, this is most likely the issue I'm having. For these tests, I've been trying to use the jsessionid I get from a .vv file. On RHEL6, libgovirt will try to use ovirt.example.com/api, on RHEL7 libgovirt will use ovirt.example.com/ovirt-engine/api. .vv files only list one jsessionid, so I guess this mandates the use of /ovirt-engine/api to use the REST API in this context. > Please use the following script to verify that cookies work correctly, and > report the results: > > ---8<--- > #!/bin/sh -ex > > url="https://engine.example.com/api" > user="admin@internal" > password="..." > cookies="cookies.txt" > vm_id="..." > console_id="5350494345" > > # Request the base URL, so that we get a cookie: > curl \ > --verbose \ > --cacert /etc/pki/ovirt-engine/ca.pem \ > --request GET \ > --user "${user}:${password}" \ > --cookie "${cookies}" \ > --cookie-jar "${cookies}" \ > --header "Accept: application/xml" \ > --header "Prefer: persistent-auth" \ > "${url}" > > # Request the .vv file for the VM, without providing credentials, this should > # work as we already have the cookies: > curl \ > --verbose \ > --cacert /etc/pki/ovirt-engine/ca.pem \ > --request GET \ > --cookie "${cookies}" \ > --cookie-jar "${cookies}" \ > --header "Accept: application/x-virt-viewer" \ > --header "Prefer: persistent-auth" \ > "${url}/vms/${vm_id}/graphicsconsoles/${console_id} > --->8--- > Yes, this script works for me (did not look in details, but I'm getting a HTTP/1.1 204 No Content which answer, which probably occurs _after_ auth succeeded).
Yes, the 204 code indicates that the .vv file can't be generated, probably because the VM is down or it isn't using SPICE (the console id "350494345" corresponds to SPICE), but that happens after authentication. I'm closing as NOTABUG. If you find additional related issues feel free to reopen.