Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1358160 - Dashboard show zeros. reports-interface-proxy doesn't trust externally-issued web certificate in spite of issuer being in system (and java) trust store
Summary: Dashboard show zeros. reports-interface-proxy doesn't trust externally-issued...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: Backend.Core
Version: 4.0.1
Hardware: Unspecified
OS: Unspecified
unspecified
medium vote
Target Milestone: ovirt-4.0.2
: 4.0.2.1
Assignee: Alexander Wels
QA Contact: meital avital
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-07-20 08:14 UTC by Konstantin
Modified: 2016-10-27 09:41 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-08-18 06:27:59 UTC
oVirt Team: UX
rule-engine: ovirt-4.0.z+
rule-engine: exception+
rule-engine: planning_ack+
rule-engine: devel_ack+
lsvaty: testing_ack+


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
oVirt gerrit 61160 master MERGED userportal: webadmin: Use correct trust store for HTTPS connections 2016-07-21 13:32:35 UTC
oVirt gerrit 61190 ovirt-engine-4.0 MERGED userportal: webadmin: Use correct trust store for HTTPS connections 2016-07-21 13:54:22 UTC
oVirt gerrit 61192 ovirt-engine-4.0.2 MERGED userportal: webadmin: Use correct trust store for HTTPS connections 2016-07-25 08:58:34 UTC

Description Konstantin 2016-07-20 08:14:52 UTC
Description of problem:
reports-interface-proxy doesn't trust externally-issued web certificate in spite of issuer being in system (and java) trust store
Dashboard show only historical data

Version-Release number of selected component (if applicable):
4.0.1

How reproducible:
always

Steps to Reproduce:
1. get certificate for mod_ssl from external CA
2. add the external CA that signed the mod_ssl certificate to the trust store (trust add /path/to/CA.crt or cp /path/to/CA.crt /etc/pki/ca-trust/source/anchors/ && update-ca-trust)
3. make recomeded steps from https://bugzilla.redhat.com/show_bug.cgi?id=1336838
4. Login to Administration portal

Actual results:
Dashboard show 0 in usage params
Log file contains:
2016-07-20 09:03:26,834 ERROR [io.undertow.request] (default task-25) UT005023: Exception handling request to /ovirt-engine/services/reports-interface-proxy: javax.servlet.ServletException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at org.ovirt.engine.core.uutils.servlet.ProxyServletBase.doGet(ProxyServletBase.java:163) [uutils.jar:]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
....


Expected results:
Dashboard show correct data

Additional info:

Comment 1 Martin Perina 2016-07-21 09:17:53 UTC
Hi Konstantin,
we have a fix for the certificate issue, but the root cause of this issue is different: we have removed reports from 4.0, so during upgrade from 3.6 to 4.0 all reports related configuration should be removed. It's obvious we have a bug here, so could you please try to execute following commands which should reveal us leftovers from reports configuration?

  cd /etc/ovirt-engine/engine.conf.d
  grep ENGINE_REPORTS_BASE_URL . -r

Thanks.

Comment 2 Konstantin 2016-07-21 11:44:54 UTC
Hi, 
this is result:

./10-setup-reports-access.conf:ENGINE_REPORTS_BASE_URL=https://ovirt-dwh.DOMAIN:443/ovirt-engine-reports
./10-setup-reports-access.conf:ENGINE_REPORTS_DASHBOARD_URL=${ENGINE_REPORTS_BASE_URL}/flow.html?_flowId=viewReportFlow&viewAsDashboardFrame=true
./10-setup-reports-access.conf:ENGINE_REPORTS_RIGHTCLICK_URL=${ENGINE_REPORTS_BASE_URL}/flow.html?_flowId=viewReportFlow
./10-setup-reports-access.conf:ENGINE_REPORTS_PROXY_URL=${ENGINE_REPORTS_BASE_URL}/ovirt/reports-interface

I must remove this settings?

Comment 3 Martin Perina 2016-07-21 12:00:43 UTC
Could you please try to remove 10-setup-reports-access.conf (please do a backup of the file just to be sure) and restart ovirt-engine service? It should fix your issue ...

Comment 4 Konstantin 2016-07-21 12:29:55 UTC
Something changed. 
No error in log file, but dashboard show incorrect data.
Usage of CPU, Memory and Storage 0.

Screenshot https://postimg.org/image/ukcf1lj0x/

Comment 5 Alexander Wels 2016-07-21 12:32:07 UTC
Is the DWH service still running, that looks like there is no data in the database for the last few hours.

Comment 6 Konstantin 2016-07-21 13:08:07 UTC
It's running on separate host.
It was problem with time. 
After adjusting system time problem is gone.
Thank you for help!

Comment 7 Martin Perina 2016-07-21 13:23:28 UTC
Have you removed 10-setup-reports-access.conf? Or have it started to work just after time sync?

Comment 8 Konstantin 2016-07-21 13:54:14 UTC
Yes i removed 10-setup-reports-access.conf, after that errors like "UT005023: Exception handling request to /ovirt-engine/services/reports-interface-proxy" no longer appear.
And then I sync time on DWH server to get correct current statistics.

Comment 9 Pavel Stehlik 2016-08-18 06:27:59 UTC
Closing due to resources, if still happens please reopen.


Note You need to log in before you can comment on or make changes to this bug.