Bug 1032849

Summary: lmi command fails with certificate error
Product: [Fedora] Fedora
Component: tog-pegasus
Version: 22
Hardware: x86_64
OS: Linux
Status: CLOSED CURRENTRELEASE
Severity: high
Priority: unspecified
Reporter: Russell Doty <rdoty>
Assignee: Stephen Gallagher <sgallagh>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: agk, hamzy, miminar, sgallagh, tsmetana, vcrhonek
Doc Type: Bug Fix
Type: Bug
Last Closed: 2016-06-07 13:46:16 UTC
Bug Blocks: 1041555
Attachments: Patch to generate a mini-CA and save that CA to the shared trust store

Description Russell Doty 2013-11-21 02:31:35 UTC
Description of problem:

The command "lmi hwinfo" fails with file not found.


Version-Release number of selected component (if applicable):


How reproducible:

Every time.

Steps to Reproduce:
1. Install tog-pegasus
2. Install openlmi
3. Start tog-pegasus
4. Run "lmi hwinfo"

Actual results:

# lmi hwinfo
ERROR: invocation failed for host "https://localhost": (1, u'CIM_ERR_FAILED: File "libComputerSystemProvider.so" was not found for provider module "ComputerSystemModule".')
There was 1 error:
host https://localhost
    CIM_ERR_FAILED: File "libComputerSystemProvider.so" was not found for provider module "ComputerSystemModule".: 


Expected results:

Report on hwinfo

Additional info:

This is on a fresh install of F20 Beta.

Used setenforce 0 and verified that SELinux is in permissive mode.

Tried command as normal user and su.

Comment 1 Russell Doty 2013-11-21 02:37:08 UTC
Command works when used with the noverify option:

$ lmi -n hwinfo
username: root
password: 
                
Hostname:      localhost 
                
Chassis Type:  Desktop 
Manufacturer:  Gigabyte Technology Co., Ltd. 
Model:          (GA-MA78GM-S2H) 
Serial Number: Not Specified 
Asset Tag:     0 
                
CPU:           AMD Phenom(tm) 9550 Quad-Core Processor 
Topology:      1 cpu(s), 1 core(s), 1 thread(s) 
Max Freq:      3000 MHz 
Arch:          x86_64 
                
Memory:        4 GB 
Slots:         2 used, 4 total 


This is odd, as I had configured the SSL certificates using the instructions at http://www.openlmi.org/PegasusSSL.

How do you check certificate status?

Comment 2 Russell Doty 2013-11-21 02:45:08 UTC
The command should return a message that the SSL certificate is not properly configured rather than failing with a file not found message.

Comment 3 Russell Doty 2013-11-21 02:51:30 UTC
If SELinux is in enforcing mode the lmi command fails:

When run as regular user:

]$ lmi -n hwinfo
username: root
password: 
ERROR: invocation failed for host "https://localhost": 'NoneType' object has no attribute 'ChassisPackageType'
There was 1 error:
host https://localhost
    (AttributeError) 'NoneType' object has no attribute 'ChassisPackageType'
[rdoty@localhost ~]$ lmi hwinfo
username: root
password: 
ERROR: invocation failed for host "https://localhost": 'NoneType' object has no attribute 'ChassisPackageType'
There was 1 error:
host https://localhost
    (AttributeError) 'NoneType' object has no attribute 'ChassisPackageType'

When run as root:

]$ su
Password: 
[root@localhost rdoty]# lmi hwinfo
ERROR: invocation failed for host "https://localhost": (1, u'CIM_ERR_FAILED: File "libComputerSystemProvider.so" was not found for provider module "ComputerSystemModule".')
There was 1 error:
host https://localhost
    CIM_ERR_FAILED: File "libComputerSystemProvider.so" was not found for provider module "ComputerSystemModule".: 
[root@localhost rdoty]# lmi -n hwinfo
ERROR: invocation failed for host "https://localhost": (1, u'CIM_ERR_FAILED: File "libComputerSystemProvider.so" was not found for provider module "ComputerSystemModule".')
There was 1 error:
host https://localhost
    CIM_ERR_FAILED: File "libComputerSystemProvider.so" was not found for provider module "ComputerSystemModule".:

Comment 4 Tomas Smetana 2013-11-21 12:54:09 UTC
Filed bug #1033027 against the SELinux policy to fix the AVC denials.  I don't have any answers to the certificate verification problem yet.

Comment 5 Stephen Gallagher 2013-12-13 16:19:17 UTC
Re-purposing this ticket to focus on the certificate problems faced by the local testing user.

What we want to do is to have the self-signed certificate trusted for use with the local system.

Comment 6 Stephen Gallagher 2013-12-13 16:22:57 UTC
Created attachment 836377
Patch to generate a mini-CA and save that CA to the shared trust store

With this patch (submitted upstream at http://bugzilla.openpegasus.org/show_bug.cgi?id=9831) we will generate a single-use CA certificate and a service certificate for Pegasus. We will sign the service certificate and then discard the private key for the CA certificate (ensuring that it cannot be used to sign anything else). We will then copy the mini-CA into the shared certificate store.
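
Added example (not part of the bug thread and not the attached patch, whose contents are not shown on this page): a shell sketch of the mini-CA procedure described in Comment 6, plus the chain check asked about in Comment 1. It assumes the openssl command-line tool; every file name, subject name and the anchor file name are constructed for illustration.

```shell
#!/bin/sh
# Added example. File names, subject names and the anchor file name are constructed.

make_mini_ca() {
    out=$1      # directory for the generated keys and certificates
    anchors=$2  # trust-anchor directory to publish the CA certificate into
    host=$3     # DNS name the service certificate is issued for
    mkdir -p "$out" "$anchors" || return 1

    # Private config so the result does not depend on the system openssl.cnf.
    cat > "$out/mini-ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example single-use CA for $host
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
[v3_service]
basicConstraints = CA:FALSE
subjectAltName = DNS:$host
EOF

    # 1. Single-use CA: self-signed certificate plus a throwaway private key.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$out/mini-ca.cnf" \
        -keyout "$out/ca.key" -out "$out/ca.crt" 2>/dev/null || return 1

    # 2. Service key and CSR, then 3. the CA signs the service certificate.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$host" \
        -config "$out/mini-ca.cnf" \
        -keyout "$out/server.key" -out "$out/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$out/server.csr" -sha256 -days 365 \
        -CA "$out/ca.crt" -CAkey "$out/ca.key" -CAcreateserial \
        -extfile "$out/mini-ca.cnf" -extensions v3_service \
        -out "$out/server.crt" 2>/dev/null || return 1

    # 4. Discard the CA key so this CA can never sign anything else.
    rm -f "$out/ca.key" "$out/ca.srl" "$out/server.csr" "$out/mini-ca.cnf"

    # 5. Publish only the CA certificate as a trust anchor.
    cp "$out/ca.crt" "$anchors/example-mini-ca.crt"
}

# Answers "is this certificate trusted?": succeeds only if $2 chains to the CA in $1.
check_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

On Fedora the system-wide anchor directory is /etc/pki/ca-trust/source/anchors, and running update-ca-trust afterwards regenerates the consolidated bundles that clients read; whether the attached patch uses that exact path is an assumption.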

Comment 7 Jaroslav Reznik 2015-03-03 16:57:01 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22

Comment 8 Vitezslav Crhonek 2020-04-01 07:10:19 UTC
Comment on attachment 836377
Patch to generate a mini-CA and save that CA to the shared trust store

Clearing review flag.