blank hypervisor selection #132
Labels
Comments
|
You need to add new hypervisor via dashboard. |
|
I tried it. returns BAD_SSH_add |
|
So, you haven't copy public key to that node |
|
yes. it was done. This works - "ssh -i /var/hyper_keys/id_rsa VDI@hypervisor_address" Havn't set up thin client yet. Currently just have Dashboard server and hypervisor sever setup. Do you need to complete rest of the steps to be able to add hypervisor? |
|
[root@centos ~]# ssh -i /var/hyper_keys/id_rsa [email protected] |
|
Check permissions on private key. Perhaps web server cannot read it. |
|
[root@centos hyper_keys]# ls -la |
|
is your webserver running as root user?
…On Thu, Aug 30, 2018, 22:57 wanabnux ***@***.***> wrote:
***@***.*** hyper_keys]# ls -la
total 12
drwx------. 2 root root 38 Aug 28 13:40 .
drwxr-xr-x. 23 root root 4096 Aug 28 13:39 ..
-rwx------. 1 root root 1675 Aug 28 13:40 id_rsa
-rwx------. 1 root root 392 Aug 28 13:40 id_rsa.pub
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#132 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AGZwLfCNMW711Xt0CVXmMUr4rdEC5Sobks5uWEOggaJpZM4WUFGv>
.
|
|
not sure, but still the same BAD_SSH_add even with 777 [root@centos hyper_keys]# ls -al |
|
enable debug logging in config.php and look at your server error logs
…On Thu, Aug 30, 2018, 23:07 wanabnux ***@***.***> wrote:
not sure, but still the same BAD_SSH_add even with 777
***@***.*** hyper_keys]# ls -al
total 12
drwx------. 2 root root 38 Aug 28 13:40 .
drwxr-xr-x. 23 root root 4096 Aug 28 13:39 ..
-rwxrwxrwx. 1 root root 1675 Aug 28 13:40 id_rsa
-rwx------. 1 root root 392 Aug 28 13:40 id_rsa.pub
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#132 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AGZwLbtTk7VxhSbn02dqrB2sHn54ibWqks5uWEX1gaJpZM4WUFGv>
.
|
|
does webserver need to be installed on hypervisor as well? |
|
[Fri Aug 31 10:45:15.215760 2018] [php7:warn] [pid 5706] [client
192.168.1.32:39536] PHP Warning: ssh2_connect(): Unable to connect to
192.168.1.42 in /var/www/html/kvm-vdi/inc/modules/KVM/functions.php on line
15, referer: http://192.168.1.32/kvm-vdi/dashboard.php
On Thu, Aug 30, 2018 at 4:08 PM, Tadas Ustinavičius <
[email protected]> wrote:
… enable debug logging in config.php and look at your server error logs
On Thu, Aug 30, 2018, 23:07 wanabnux ***@***.***> wrote:
> not sure, but still the same BAD_SSH_add even with 777
>
> ***@***.*** hyper_keys]# ls -al
> total 12
> drwx------. 2 root root 38 Aug 28 13:40 .
> drwxr-xr-x. 23 root root 4096 Aug 28 13:39 ..
> -rwxrwxrwx. 1 root root 1675 Aug 28 13:40 id_rsa
> -rwx------. 1 root root 392 Aug 28 13:40 id_rsa.pub
>
> —
> You are receiving this because you commented.
> Reply to this email directly, view it on GitHub
> <#132 (comment)>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/
AGZwLbtTk7VxhSbn02dqrB2sHn54ibWqks5uWEX1gaJpZM4WUFGv>
> .
>
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#132 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AoemjrnjagXw7V1xG7v9YnTabZhLwo2uks5uWEZAgaJpZM4WUFGv>
.
|
|
Obviously something went wrong with SSH key xfer. Will look into it.
Thanks for your help.
…On Fri, Aug 31, 2018 at 11:12 AM, Charles Lee ***@***.***> wrote:
[Fri Aug 31 10:45:15.215760 2018] [php7:warn] [pid 5706] [client
192.168.1.32:39536] PHP Warning: ssh2_connect(): Unable to connect to
192.168.1.42 in /var/www/html/kvm-vdi/inc/modules/KVM/functions.php on
line 15, referer: http://192.168.1.32/kvm-vdi/dashboard.php
On Thu, Aug 30, 2018 at 4:08 PM, Tadas Ustinavičius <
***@***.***> wrote:
> enable debug logging in config.php and look at your server error logs
>
> On Thu, Aug 30, 2018, 23:07 wanabnux ***@***.***> wrote:
>
> > not sure, but still the same BAD_SSH_add even with 777
> >
> > ***@***.*** hyper_keys]# ls -al
> > total 12
> > drwx------. 2 root root 38 Aug 28 13:40 .
> > drwxr-xr-x. 23 root root 4096 Aug 28 13:39 ..
> > -rwxrwxrwx. 1 root root 1675 Aug 28 13:40 id_rsa
> > -rwx------. 1 root root 392 Aug 28 13:40 id_rsa.pub
> >
> > —
> > You are receiving this because you commented.
> > Reply to this email directly, view it on GitHub
> > <#132 (comment)
> >,
> > or mute the thread
> > <https://github.com/notifications/unsubscribe-auth/AGZwLbtTk
> 7VxhSbn02dqrB2sHn54ibWqks5uWEX1gaJpZM4WUFGv>
>
> > .
> >
>
> —
> You are receiving this because you authored the thread.
> Reply to this email directly, view it on GitHub
> <#132 (comment)>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/AoemjrnjagXw7V1xG7v9YnTabZhLwo2uks5uWEZAgaJpZM4WUFGv>
> .
>
|
|
What's the permissions of |
|
I've been playing with it. So, don't remember what it was.
Added read for appache
[root@centos hyper_keys]# ls -al
total 12
dr--rwxr--+ 2 root root 38 Aug 28 13:40 .
drwxr-xr-x. 23 root root 4096 Aug 28 13:39 ..
-rwx------+ 1 root root 1675 Aug 28 13:40 id_rsa
-rwxrwxrwx+ 1 root root 392 Aug 28 13:40 id_rsa.pub
[root@centos hyper_keys]#
…On Fri, Aug 31, 2018 at 12:47 PM, Tadas Ustinavičius < ***@***.***> wrote:
What's the permissions of /var/hyper_keys/ folder?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#132 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AoemjqUhIjVbcRQPStLHzC57RrnCjg1Qks5uWWiTgaJpZM4WUFGv>
.
|
|
No, i mean directory |
|
dr--rwxr--+ 2 root root 38 Aug 28 13:40 hyper_keys
…On Fri, Aug 31, 2018 at 12:51 PM, Tadas Ustinavičius < ***@***.***> wrote:
No, i mean directory /var/hyper_keys/ permissions, not file
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#132 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AoemjhB-T3kQ9_Zyh9Nwz6kSZI4qy3N5ks5uWWl9gaJpZM4WUFGv>
.
|
|
change to +xr permissions for all |
|
On hypervisor server
- drwxr-xr-x. 5 VDI VDI 140 Sep 1 12:51 VDI
- drwxr-xr-x. 2 root root 29 Sep 1 12:31 .ssh
- -rwxr-xr-x. 1 VDI VDI 392 Sep 1 12:29 authorized_keys
- also tried
- -r--------. 1 VDI VDI 392 Sep 1 12:29 authorized_keys
On Dashboard server
- drwxr-xr-x. 2 root root 38 Sep 1 12:17 hyper_keys
- -rw-------. 1 root root 1679 Sep 1 12:17 id_rsa
- -rw-r--r--. 1 root root 392 Sep 1 12:17 id_rsa.pub
Still getting the same error
[root@centos var]# ssh -i /var/hyper_keys/id_rsa [email protected]
Last login: Tue Sep 4 08:59:47 2018 from 192.168.1.32
[Tue Sep 04 09:23:27.138218 2018] [php7:warn] [pid 3418] [client
192.168.1.32:50754] PHP Warning: ssh2_connect(): Unable to connect to
192.168.1.49 on port 22 in
/var/www/html/kvm-vdi/inc/modules/KVM/functions.php on line 15, referer:
http://192.168.1.32/kvm-vdi/dashboard.php
[Tue Sep 04 09:23:27.138270 2018] [php7:warn] [pid 3418] [client
192.168.1.32:50754] PHP Warning: ssh2_connect(): Unable to connect to
192.168.1.49 in /var/www/html/kvm-vdi/inc/modules/KVM/functions.php on line
15, referer: http://192.168.1.32/kvm-vdi/dashboard.php
…On Fri, Aug 31, 2018 at 12:55 PM, Tadas Ustinavičius < ***@***.***> wrote:
change to +x permissions for all
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#132 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/Aoemjupuzs8kDn1Ay3M-25xLJIJK59xjks5uWWp5gaJpZM4WUFGv>
.
|
|
your permissions on |
|
Still the same error
dr-xrwxr-x+ 2 root root 38 Sep 1 12:17 hyper_keys
[root@centos var]# ssh -i /var/hyper_keys/id_rsa [email protected]
Last login: Tue Sep 4 09:23:13 2018 from 192.168.1.32
[Tue Sep 04 09:59:49.870971 2018] [php7:warn] [pid 2422] [client
192.168.1.32:50764] PHP Warning: ssh2_connect(): Unable to connect to
192.168.1.49 on port 22 in
/var/www/html/kvm-vdi/inc/modules/KVM/functions.php on line 15, referer:
http://192.168.1.32/kvm-vdi/dashboard.php
[Tue Sep 04 09:59:49.871021 2018] [php7:warn] [pid 2422] [client
192.168.1.32:50764] PHP Warning: ssh2_connect(): Unable to connect to
192.168.1.49 in /var/www/html/kvm-vdi/inc/modules/KVM/functions.php on line
15, referer: http://192.168.1.32/kvm-vdi/dashboard.php
…On Tue, Sep 4, 2018 at 9:40 AM, Tadas Ustinavičius ***@***.*** > wrote:
your permissions on /va/hyper_keys directory are:
dr--rwxr--+ 2 root root 38 Aug 28 13:40 hyper_keys
shoud be:
dr-xrwxr-x+ 2 root root 38 Aug 28 13:40 hyper_keys
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#132 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/Aoemjrg8tOYrE5EFty4i9pZ7bHZyP3fcks5uXoLdgaJpZM4WUFGv>
.
|
|
What needs to happened for "Make files in /var/hyper_keys readable by
webserver."?
Will this work? - setfacl -m 'u:apache:r' /var/hyper_keys
…On Tue, Sep 4, 2018 at 10:02 AM, Charles Lee ***@***.***> wrote:
Still the same error
dr-xrwxr-x+ 2 root root 38 Sep 1 12:17 hyper_keys
***@***.*** var]# ssh -i /var/hyper_keys/id_rsa ***@***.***
Last login: Tue Sep 4 09:23:13 2018 from 192.168.1.32
[Tue Sep 04 09:59:49.870971 2018] [php7:warn] [pid 2422] [client
192.168.1.32:50764] PHP Warning: ssh2_connect(): Unable to connect to
192.168.1.49 on port 22 in /var/www/html/kvm-vdi/inc/modules/KVM/functions.php
on line 15, referer: http://192.168.1.32/kvm-vdi/dashboard.php
[Tue Sep 04 09:59:49.871021 2018] [php7:warn] [pid 2422] [client
192.168.1.32:50764] PHP Warning: ssh2_connect(): Unable to connect to
192.168.1.49 in /var/www/html/kvm-vdi/inc/modules/KVM/functions.php on
line 15, referer: http://192.168.1.32/kvm-vdi/dashboard.php
On Tue, Sep 4, 2018 at 9:40 AM, Tadas Ustinavičius <
***@***.***> wrote:
> your permissions on /va/hyper_keys directory are:
> dr--rwxr--+ 2 root root 38 Aug 28 13:40 hyper_keys
> shoud be:
> dr-xrwxr-x+ 2 root root 38 Aug 28 13:40 hyper_keys
>
> —
> You are receiving this because you authored the thread.
> Reply to this email directly, view it on GitHub
> <#132 (comment)>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/Aoemjrg8tOYrE5EFty4i9pZ7bHZyP3fcks5uXoLdgaJpZM4WUFGv>
> .
>
|
|
this is the details on the error
SELinux is preventing /usr/sbin/httpd from name_connect access on the
tcp_socket port 22.
***** Plugin catchall_boolean (47.5 confidence) suggests
******************
If you want to allow httpd to can network connect
Then you must tell SELinux about this by enabling the
'httpd_can_network_connect' boolean.
Do
setsebool -P httpd_can_network_connect 1
***** Plugin catchall_boolean (47.5 confidence) suggests
******************
If you want to allow nis to enabled
Then you must tell SELinux about this by enabling the 'nis_enabled' boolean.
Do
setsebool -P nis_enabled 1
***** Plugin catchall (6.38 confidence) suggests
**************************
If you believe that httpd should be allowed name_connect access on the port
22 tcp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'httpd' --raw | audit2allow -M my-httpd
# semodule -i my-httpd.pp
Additional Information:
Source Context system_u:system_r:httpd_t:s0
Target Context system_u:object_r:ssh_port_t:s0
Target Objects port 22 [ tcp_socket ]
Source httpd
Source Path /usr/sbin/httpd
Port 22
Host centos
Source RPM Packages httpd-2.4.6-80.el7.centos.1.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-192.el7_5.6.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name centos
Platform Linux centos 3.10.0-862.11.6.el7.x86_64 #1
SMP Tue
Aug 14 21:49:04 UTC 2018 x86_64 x86_64
Alert Count 1
First Seen 2018-09-05 09:37:29 EDT
Last Seen 2018-09-05 09:37:29 EDT
Local ID 5ac5846a-8c1d-4624-86f4-5fee39a39347
Raw Audit Messages
type=AVC msg=audit(1536154649.61:228): avc: denied { name_connect } for
pid=3850 comm="httpd" dest=22 scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:ssh_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1536154649.61:228): arch=x86_64 syscall=connect
success=no exit=EACCES a0=b a1=7f0722c720b0 a2=10 a3=5b8fdc19 items=0
ppid=1288 pid=3850 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48
egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=httpd
exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)
Hash: httpd,httpd_t,ssh_port_t,tcp_socket,name_connect
…On Tue, Sep 4, 2018 at 9:40 AM, Tadas Ustinavičius ***@***.*** > wrote:
your permissions on /va/hyper_keys directory are:
dr--rwxr--+ 2 root root 38 Aug 28 13:40 hyper_keys
shoud be:
dr-xrwxr-x+ 2 root root 38 Aug 28 13:40 hyper_keys
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#132 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/Aoemjrg8tOYrE5EFty4i9pZ7bHZyP3fcks5uXoLdgaJpZM4WUFGv>
.
|
|
You should disable SELinux on machines. |
|
still getting errors now on line 18
[Wed Sep 05 10:23:42.153354 2018] [php7:warn] [pid 1534] [client
192.168.1.32:48294] PHP Warning: ssh2_auth_pubkey_file(): Authentication
failed for VDI using public key: Unable to open public key file in
/var/www/html/kvm-vdi/inc/modules/KVM/functions.php on line 18, referer:
http://192.168.1.32/kvm-vdi/dashboard.php
…On Wed, Sep 5, 2018 at 9:50 AM, Tadas Ustinavičius ***@***.*** > wrote:
You should disable SELinux on machines.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#132 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AoemjjVfiiUUhTHPYuHlCnBO2_jKepWtks5uX9aOgaJpZM4WUFGv>
.
|
|
now getting callback return error on public key
**********
Got error: BAD_SSH_CREDENTIALS
[Wed Sep 05 12:16:06.331593 2018] [php7:warn] [pid 1487] [client
192.168.1.32:58814] PHP Warning: ssh2_auth_pubkey_file(): Authentication
failed for VDI using public key: Callback returned error in
/var/www/html/kvm-vdi/inc/modules/KVM/functions.php on line 18, referer:
http://192.168.1.32/kvm-vdi/dashboard.php
…On Wed, Sep 5, 2018 at 10:26 AM, Charles Lee ***@***.***> wrote:
still getting errors now on line 18
[Wed Sep 05 10:23:42.153354 2018] [php7:warn] [pid 1534] [client
192.168.1.32:48294] PHP Warning: ssh2_auth_pubkey_file(): Authentication
failed for VDI using public key: Unable to open public key file in
/var/www/html/kvm-vdi/inc/modules/KVM/functions.php on line 18, referer:
http://192.168.1.32/kvm-vdi/dashboard.php
On Wed, Sep 5, 2018 at 9:50 AM, Tadas Ustinavičius <
***@***.***> wrote:
> You should disable SELinux on machines.
>
> —
> You are receiving this because you authored the thread.
> Reply to this email directly, view it on GitHub
> <#132 (comment)>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/AoemjjVfiiUUhTHPYuHlCnBO2_jKepWtks5uX9aOgaJpZM4WUFGv>
> .
>
|
|
Any luck on the error, i am still struglling tried all ther permissions , but still no luck |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Having problem adding target hypervisor.
In Dashboard config.php -
$serviceurl= Dashboard Service server ip;
$websockets_address= router ip;
$LDAP_host= Dashboard server ip
Hypervisor config -
[server]
address = Dashboard server ip
$backend_pass match & sudoers file changed accordingly.
hypervisor is on a separate server, and can't have it appear in Target hypervisor drop-down menu. Are there sample config.php and hypervisor side config files that highlight items that need customization?
The text was updated successfully, but these errors were encountered: