Seitanas
blank hypervisor selection
Having problem adding target hypervisor.
In Dashboard config.php - $serviceurl= Dashboard Service server ip; $websockets_address= router ip; $LDAP_host= Dashboard server ip
Hypervisor config - [server] address = Dashboard server ip
$backend_pass match & sudoers file changed accordingly.
hypervisor is on a separate server, and can't have it appear in Target hypervisor drop-down menu. Are there sample config.php and hypervisor side config files that highlight items that need customization?
yes. it was done. This works - "ssh -i /var/hyper_keys/id_rsa VDI@hypervisor_address"
Havn't set up thin client yet. Currently just have Dashboard server and hypervisor sever setup. Do you need to complete rest of the steps to be able to add hypervisor?
[root@centos ~]# ssh -i /var/hyper_keys/id_rsa [email protected] Last login: Thu Aug 30 15:48:05 2018 from 192.168.1.32
[root@centos hyper_keys]# ls -la total 12 drwx------. 2 root root 38 Aug 28 13:40 . drwxr-xr-x. 23 root root 4096 Aug 28 13:39 .. -rwx------. 1 root root 1675 Aug 28 13:40 id_rsa -rwx------. 1 root root 392 Aug 28 13:40 id_rsa.pub
is your webserver running as root user?
On Thu, Aug 30, 2018, 22:57 wanabnux [email protected] wrote:
[root@centos hyper_keys]# ls -la total 12 drwx------. 2 root root 38 Aug 28 13:40 . drwxr-xr-x. 23 root root 4096 Aug 28 13:39 .. -rwx------. 1 root root 1675 Aug 28 13:40 id_rsa -rwx------. 1 root root 392 Aug 28 13:40 id_rsa.pub
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Seitanas/kvm-vdi/issues/132#issuecomment-417447736, or mute the thread https://github.com/notifications/unsubscribe-auth/AGZwLfCNMW711Xt0CVXmMUr4rdEC5Sobks5uWEOggaJpZM4WUFGv .
not sure, but still the same BAD_SSH_add even with 777
[root@centos hyper_keys]# ls -al total 12 drwx------. 2 root root 38 Aug 28 13:40 . drwxr-xr-x. 23 root root 4096 Aug 28 13:39 .. -rwxrwxrwx. 1 root root 1675 Aug 28 13:40 id_rsa -rwx------. 1 root root 392 Aug 28 13:40 id_rsa.pub
enable debug logging in config.php and look at your server error logs
On Thu, Aug 30, 2018, 23:07 wanabnux [email protected] wrote:
not sure, but still the same BAD_SSH_add even with 777
[root@centos hyper_keys]# ls -al total 12 drwx------. 2 root root 38 Aug 28 13:40 . drwxr-xr-x. 23 root root 4096 Aug 28 13:39 .. -rwxrwxrwx. 1 root root 1675 Aug 28 13:40 id_rsa -rwx------. 1 root root 392 Aug 28 13:40 id_rsa.pub
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Seitanas/kvm-vdi/issues/132#issuecomment-417450436, or mute the thread https://github.com/notifications/unsubscribe-auth/AGZwLbtTk7VxhSbn02dqrB2sHn54ibWqks5uWEX1gaJpZM4WUFGv .
[Fri Aug 31 10:45:15.215760 2018] [php7:warn] [pid 5706] [client 192.168.1.32:39536] PHP Warning: ssh2_connect(): Unable to connect to 192.168.1.42 in /var/www/html/kvm-vdi/inc/modules/KVM/functions.php on line 15, referer: http://192.168.1.32/kvm-vdi/dashboard.php
On Thu, Aug 30, 2018 at 4:08 PM, Tadas Ustinavičius < [email protected]> wrote:
enable debug logging in config.php and look at your server error logs
On Thu, Aug 30, 2018, 23:07 wanabnux [email protected] wrote:
not sure, but still the same BAD_SSH_add even with 777
[root@centos hyper_keys]# ls -al total 12 drwx------. 2 root root 38 Aug 28 13:40 . drwxr-xr-x. 23 root root 4096 Aug 28 13:39 .. -rwxrwxrwx. 1 root root 1675 Aug 28 13:40 id_rsa -rwx------. 1 root root 392 Aug 28 13:40 id_rsa.pub
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Seitanas/kvm-vdi/issues/132#issuecomment-417450436, or mute the thread <https://github.com/notifications/unsubscribe-auth/ AGZwLbtTk7VxhSbn02dqrB2sHn54ibWqks5uWEX1gaJpZM4WUFGv>
.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Seitanas/kvm-vdi/issues/132#issuecomment-417450783, or mute the thread https://github.com/notifications/unsubscribe-auth/AoemjrnjagXw7V1xG7v9YnTabZhLwo2uks5uWEZAgaJpZM4WUFGv .
Obviously something went wrong with SSH key xfer. Will look into it. Thanks for your help.
On Fri, Aug 31, 2018 at 11:12 AM, Charles Lee [email protected] wrote:
[Fri Aug 31 10:45:15.215760 2018] [php7:warn] [pid 5706] [client 192.168.1.32:39536] PHP Warning: ssh2_connect(): Unable to connect to 192.168.1.42 in /var/www/html/kvm-vdi/inc/modules/KVM/functions.php on line 15, referer: http://192.168.1.32/kvm-vdi/dashboard.php
On Thu, Aug 30, 2018 at 4:08 PM, Tadas Ustinavičius < [email protected]> wrote:
enable debug logging in config.php and look at your server error logs
On Thu, Aug 30, 2018, 23:07 wanabnux [email protected] wrote:
not sure, but still the same BAD_SSH_add even with 777
[root@centos hyper_keys]# ls -al total 12 drwx------. 2 root root 38 Aug 28 13:40 . drwxr-xr-x. 23 root root 4096 Aug 28 13:39 .. -rwxrwxrwx. 1 root root 1675 Aug 28 13:40 id_rsa -rwx------. 1 root root 392 Aug 28 13:40 id_rsa.pub
— You are receiving this because you commented. Reply to this email directly, view it on GitHub <https://github.com/Seitanas/kvm-vdi/issues/132#issuecomment-417450436 , or mute the thread <https://github.com/notifications/unsubscribe-auth/AGZwLbtTk 7VxhSbn02dqrB2sHn54ibWqks5uWEX1gaJpZM4WUFGv>
.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Seitanas/kvm-vdi/issues/132#issuecomment-417450783, or mute the thread https://github.com/notifications/unsubscribe-auth/AoemjrnjagXw7V1xG7v9YnTabZhLwo2uks5uWEZAgaJpZM4WUFGv .
I've been playing with it. So, don't remember what it was.
Added read for appache
[root@centos hyper_keys]# ls -al total 12 dr--rwxr--+ 2 root root 38 Aug 28 13:40 . drwxr-xr-x. 23 root root 4096 Aug 28 13:39 .. -rwx------+ 1 root root 1675 Aug 28 13:40 id_rsa -rwxrwxrwx+ 1 root root 392 Aug 28 13:40 id_rsa.pub [root@centos hyper_keys]#
On Fri, Aug 31, 2018 at 12:47 PM, Tadas Ustinavičius < [email protected]> wrote:
What's the permissions of /var/hyper_keys/ folder?
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Seitanas/kvm-vdi/issues/132#issuecomment-417724355, or mute the thread https://github.com/notifications/unsubscribe-auth/AoemjqUhIjVbcRQPStLHzC57RrnCjg1Qks5uWWiTgaJpZM4WUFGv .
dr--rwxr--+ 2 root root 38 Aug 28 13:40 hyper_keys
On Fri, Aug 31, 2018 at 12:51 PM, Tadas Ustinavičius < [email protected]> wrote:
No, i mean directory /var/hyper_keys/ permissions, not file
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Seitanas/kvm-vdi/issues/132#issuecomment-417725652, or mute the thread https://github.com/notifications/unsubscribe-auth/AoemjhB-T3kQ9_Zyh9Nwz6kSZI4qy3N5ks5uWWl9gaJpZM4WUFGv .
On hypervisor server
- drwxr-xr-x. 5 VDI VDI 140 Sep 1 12:51 VDI
- drwxr-xr-x. 2 root root 29 Sep 1 12:31 .ssh
- -rwxr-xr-x. 1 VDI VDI 392 Sep 1 12:29 authorized_keys
- also tried
- -r--------. 1 VDI VDI 392 Sep 1 12:29 authorized_keys
On Dashboard server
- drwxr-xr-x. 2 root root 38 Sep 1 12:17 hyper_keys
- -rw-------. 1 root root 1679 Sep 1 12:17 id_rsa
- -rw-r--r--. 1 root root 392 Sep 1 12:17 id_rsa.pub
Still getting the same error
[root@centos var]# ssh -i /var/hyper_keys/id_rsa [email protected] Last login: Tue Sep 4 08:59:47 2018 from 192.168.1.32
[Tue Sep 04 09:23:27.138218 2018] [php7:warn] [pid 3418] [client 192.168.1.32:50754] PHP Warning: ssh2_connect(): Unable to connect to 192.168.1.49 on port 22 in /var/www/html/kvm-vdi/inc/modules/KVM/functions.php on line 15, referer: http://192.168.1.32/kvm-vdi/dashboard.php [Tue Sep 04 09:23:27.138270 2018] [php7:warn] [pid 3418] [client 192.168.1.32:50754] PHP Warning: ssh2_connect(): Unable to connect to 192.168.1.49 in /var/www/html/kvm-vdi/inc/modules/KVM/functions.php on line 15, referer: http://192.168.1.32/kvm-vdi/dashboard.php
On Fri, Aug 31, 2018 at 12:55 PM, Tadas Ustinavičius < [email protected]> wrote:
change to +x permissions for all
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Seitanas/kvm-vdi/issues/132#issuecomment-417726987, or mute the thread https://github.com/notifications/unsubscribe-auth/Aoemjupuzs8kDn1Ay3M-25xLJIJK59xjks5uWWp5gaJpZM4WUFGv .
your permissions on /va/hyper_keys directory are:
dr--rwxr--+ 2 root root 38 Aug 28 13:40 hyper_keys
shoud be:
dr-xrwxr-x+ 2 root root 38 Aug 28 13:40 hyper_keys
Still the same error
dr-xrwxr-x+ 2 root root 38 Sep 1 12:17 hyper_keys
[root@centos var]# ssh -i /var/hyper_keys/id_rsa [email protected] Last login: Tue Sep 4 09:23:13 2018 from 192.168.1.32
[Tue Sep 04 09:59:49.870971 2018] [php7:warn] [pid 2422] [client 192.168.1.32:50764] PHP Warning: ssh2_connect(): Unable to connect to 192.168.1.49 on port 22 in /var/www/html/kvm-vdi/inc/modules/KVM/functions.php on line 15, referer: http://192.168.1.32/kvm-vdi/dashboard.php [Tue Sep 04 09:59:49.871021 2018] [php7:warn] [pid 2422] [client 192.168.1.32:50764] PHP Warning: ssh2_connect(): Unable to connect to 192.168.1.49 in /var/www/html/kvm-vdi/inc/modules/KVM/functions.php on line 15, referer: http://192.168.1.32/kvm-vdi/dashboard.php
On Tue, Sep 4, 2018 at 9:40 AM, Tadas Ustinavičius <[email protected]
wrote:
your permissions on /va/hyper_keys directory are: dr--rwxr--+ 2 root root 38 Aug 28 13:40 hyper_keys shoud be: dr-xrwxr-x+ 2 root root 38 Aug 28 13:40 hyper_keys
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Seitanas/kvm-vdi/issues/132#issuecomment-418371001, or mute the thread https://github.com/notifications/unsubscribe-auth/Aoemjrg8tOYrE5EFty4i9pZ7bHZyP3fcks5uXoLdgaJpZM4WUFGv .
What needs to happened for "Make files in /var/hyper_keys readable by webserver."?
Will this work? - setfacl -m 'u:apache:r' /var/hyper_keys
On Tue, Sep 4, 2018 at 10:02 AM, Charles Lee [email protected] wrote:
Still the same error
dr-xrwxr-x+ 2 root root 38 Sep 1 12:17 hyper_keys
[root@centos var]# ssh -i /var/hyper_keys/id_rsa [email protected] Last login: Tue Sep 4 09:23:13 2018 from 192.168.1.32
[Tue Sep 04 09:59:49.870971 2018] [php7:warn] [pid 2422] [client 192.168.1.32:50764] PHP Warning: ssh2_connect(): Unable to connect to 192.168.1.49 on port 22 in /var/www/html/kvm-vdi/inc/modules/KVM/functions.php on line 15, referer: http://192.168.1.32/kvm-vdi/dashboard.php [Tue Sep 04 09:59:49.871021 2018] [php7:warn] [pid 2422] [client 192.168.1.32:50764] PHP Warning: ssh2_connect(): Unable to connect to 192.168.1.49 in /var/www/html/kvm-vdi/inc/modules/KVM/functions.php on line 15, referer: http://192.168.1.32/kvm-vdi/dashboard.php
On Tue, Sep 4, 2018 at 9:40 AM, Tadas Ustinavičius < [email protected]> wrote:
your permissions on /va/hyper_keys directory are: dr--rwxr--+ 2 root root 38 Aug 28 13:40 hyper_keys shoud be: dr-xrwxr-x+ 2 root root 38 Aug 28 13:40 hyper_keys
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Seitanas/kvm-vdi/issues/132#issuecomment-418371001, or mute the thread https://github.com/notifications/unsubscribe-auth/Aoemjrg8tOYrE5EFty4i9pZ7bHZyP3fcks5uXoLdgaJpZM4WUFGv .
this is the details on the error
SELinux is preventing /usr/sbin/httpd from name_connect access on the tcp_socket port 22.
***** Plugin catchall_boolean (47.5 confidence) suggests
If you want to allow httpd to can network connect Then you must tell SELinux about this by enabling the 'httpd_can_network_connect' boolean.
Do setsebool -P httpd_can_network_connect 1
***** Plugin catchall_boolean (47.5 confidence) suggests
If you want to allow nis to enabled Then you must tell SELinux about this by enabling the 'nis_enabled' boolean.
Do setsebool -P nis_enabled 1
***** Plugin catchall (6.38 confidence) suggests
If you believe that httpd should be allowed name_connect access on the port 22 tcp_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing:
ausearch -c 'httpd' --raw | audit2allow -M my-httpd
semodule -i my-httpd.pp
Additional Information: Source Context system_u:system_r:httpd_t:s0 Target Context system_u:object_r:ssh_port_t:s0 Target Objects port 22 [ tcp_socket ] Source httpd Source Path /usr/sbin/httpd Port 22 Host centos Source RPM Packages httpd-2.4.6-80.el7.centos.1.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-192.el7_5.6.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name centos Platform Linux centos 3.10.0-862.11.6.el7.x86_64 #1 SMP Tue Aug 14 21:49:04 UTC 2018 x86_64 x86_64 Alert Count 1 First Seen 2018-09-05 09:37:29 EDT Last Seen 2018-09-05 09:37:29 EDT Local ID 5ac5846a-8c1d-4624-86f4-5fee39a39347
Raw Audit Messages type=AVC msg=audit(1536154649.61:228): avc: denied { name_connect } for pid=3850 comm="httpd" dest=22 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ssh_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1536154649.61:228): arch=x86_64 syscall=connect success=no exit=EACCES a0=b a1=7f0722c720b0 a2=10 a3=5b8fdc19 items=0 ppid=1288 pid=3850 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)
Hash: httpd,httpd_t,ssh_port_t,tcp_socket,name_connect
On Tue, Sep 4, 2018 at 9:40 AM, Tadas Ustinavičius <[email protected]
wrote:
your permissions on /va/hyper_keys directory are: dr--rwxr--+ 2 root root 38 Aug 28 13:40 hyper_keys shoud be: dr-xrwxr-x+ 2 root root 38 Aug 28 13:40 hyper_keys
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Seitanas/kvm-vdi/issues/132#issuecomment-418371001, or mute the thread https://github.com/notifications/unsubscribe-auth/Aoemjrg8tOYrE5EFty4i9pZ7bHZyP3fcks5uXoLdgaJpZM4WUFGv .
still getting errors now on line 18
[Wed Sep 05 10:23:42.153354 2018] [php7:warn] [pid 1534] [client 192.168.1.32:48294] PHP Warning: ssh2_auth_pubkey_file(): Authentication failed for VDI using public key: Unable to open public key file in /var/www/html/kvm-vdi/inc/modules/KVM/functions.php on line 18, referer: http://192.168.1.32/kvm-vdi/dashboard.php
On Wed, Sep 5, 2018 at 9:50 AM, Tadas Ustinavičius <[email protected]
wrote:
You should disable SELinux on machines.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Seitanas/kvm-vdi/issues/132#issuecomment-418737475, or mute the thread https://github.com/notifications/unsubscribe-auth/AoemjjVfiiUUhTHPYuHlCnBO2_jKepWtks5uX9aOgaJpZM4WUFGv .
now getting callback return error on public key
Got error: BAD_SSH_CREDENTIALS
[Wed Sep 05 12:16:06.331593 2018] [php7:warn] [pid 1487] [client 192.168.1.32:58814] PHP Warning: ssh2_auth_pubkey_file(): Authentication failed for VDI using public key: Callback returned error in /var/www/html/kvm-vdi/inc/modules/KVM/functions.php on line 18, referer: http://192.168.1.32/kvm-vdi/dashboard.php
On Wed, Sep 5, 2018 at 10:26 AM, Charles Lee [email protected] wrote:
still getting errors now on line 18
[Wed Sep 05 10:23:42.153354 2018] [php7:warn] [pid 1534] [client 192.168.1.32:48294] PHP Warning: ssh2_auth_pubkey_file(): Authentication failed for VDI using public key: Unable to open public key file in /var/www/html/kvm-vdi/inc/modules/KVM/functions.php on line 18, referer: http://192.168.1.32/kvm-vdi/dashboard.php
On Wed, Sep 5, 2018 at 9:50 AM, Tadas Ustinavičius < [email protected]> wrote:
You should disable SELinux on machines.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Seitanas/kvm-vdi/issues/132#issuecomment-418737475, or mute the thread https://github.com/notifications/unsubscribe-auth/AoemjjVfiiUUhTHPYuHlCnBO2_jKepWtks5uX9aOgaJpZM4WUFGv .
Any luck on the error, i am still struglling tried all ther permissions , but still no luck
