Bug 1120621

Summary: [rhevh7] CIM funtion doesn't work
Product: Red Hat Enterprise Virtualization Manager Reporter: wanghui <huiwa>
Component: ovirt-nodeAssignee: Ryan Barry <rbarry>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 3.5.0CC: cshao, ecohen, fdeutsch, gklein, gouyang, hadong, iheim, leiwang, tbzatek, vcrhonek, yaniwang, ycui
Target Milestone: ---   
Target Release: 3.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: node
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-02-11 21:00:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Node RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1102477, 1156093, 1166044    
Bug Blocks: 1094719, 1142923, 1156165, 1164308, 1164311    

Description wanghui 2014-07-17 09:45:16 UTC
Description of problem:
It can not get info through CIM when configured it.

Version-Release number of selected component (if applicable):
rhev-hypervisor7-7.0-20140714.0
ovirt-node-3.1.0-0.5.20140711git7197118.el7.noarch

How reproducible:
100%

Steps to Reproduce:
1. Install rhev-hypervisor7-7.0-20140714.0.iso
2. Enabled network
3. Configure CIM in TUI with setting password as 'redhat'
4. Check CIM function from remote as follows.
#wbemcli ein -noverify https://cim:redhat@192.168.15.10/root/virt:KVM_VirtualSystemManagementService

Actual results:
1. After step4, it shows http exception as follows.
*
* wbemcli: Http Exception: Invalid username/password.
*

Expected results:
1. It can get rhevh info through CIM after configured it.

Additional info:

Comment 1 Fabian Deutsch 2014-07-24 16:03:15 UTC
This is a mass change, moving bugs of merged patches into MODIFIED.

Please correct the state, if you think that the move was not justified.

Comment 3 wanghui 2014-10-09 07:11:26 UTC
Test version:
rhev-hypervisor7-7.0-20141006.0.el7ev
ovirt-node-3.1.0-0.20.20141006gitc421e04.el7.noarch.rpm
ovirt-node-plugin-cim-3.1.0-0.20.20141006gitc421e04.el7.noarch

Test step:
1. Install rhev-hypervisor7-7.0-20141006.0.el7ev
2. Enabled network
3. Configure CIM in TUI with setting password as 'redhat'
4. Check CIM function from remote(RHEL6.5) as follows.
#wbemcli ein -noverify https://cim:redhat@192.168.15.10/root/virt:KVM_VirtualSystemManagementService

Actual results:
1. After step4, it shows http exception as follows.
*
* wbemcli: Http Exception: Invalid username/password.
*

So this issue is not fixed yet, change the status from ON_QA to Assign.

Comment 4 Ryan Barry 2014-10-23 00:07:48 UTC
This works over http, but not https. https throws back a 501 Not Implemented.

This looks similar to bz#968397, but we're at sblim-sfcb-1.3.16-11.el7, and I would expect this to have picked up the changes in -7. Any suggestions for troubleshooting this, Tomas?

Comment 5 Tomáš Bžatek 2014-10-23 10:14:17 UTC
(In reply to Ryan Barry from comment #4)
> This works over http, but not https. https throws back a 501 Not Implemented.
> 
> This looks similar to bz#968397, but we're at sblim-sfcb-1.3.16-11.el7, and
> I would expect this to have picked up the changes in -7. Any suggestions for
> troubleshooting this, Tomas?

Looking at the sblim-sfcb RHEL 7.1 repo, the patch is not there. Remember the NVR usually don't match as different changes are often made for RHEL (not sure when it was branched). Please file a bugreport on RHEL for patch inclusion (or request scratch builds with the patch).

Comment 6 cshao 2014-10-28 08:01:15 UTC
Hi fabiand,

I can reproduce this issue with rhev-hypervisor6-6.6-20141027.0.iso build, so could you help us clone this bug to 3.4.z?

Test version:
rhev-hypervisor6-6.6-20141027.0.iso
(http://download.devel.redhat.com/brewroot/work/tasks/2138/8162138/rhev-hypervisor6-6.6-20141027.0.iso)
ovirt-node-3.0.1-19.el6.21.noarch

Test steps:
1. Install rhev-hypervisor6-6.6-20141027.0.iso.
2. Enabled network
3. Configure CIM in TUI with setting password as 'redhat'
4. Check CIM function from remote as follows.
# wbemcli ein -noverify https://cim:1@ip/root/virt:KVM_VirtualSystemManagementService

Actual results:
1. After step4, it shows http exception as follows.
*
* wbemcli: Http Exception: Invalid username/password.
*

Expected results:
1. It can get rhevh info through CIM after configured it.

NOTE: No such issue on 
RHEV-H 6.5u8 for RHEV 3.4.3 (rhev-hypervisor6-6.5-20141017.0).

Thanks!

Comment 7 Fabian Deutsch 2014-10-28 08:13:08 UTC
(In reply to shaochen from comment #6)
> Hi fabiand,
> 
> I can reproduce this issue with rhev-hypervisor6-6.6-20141027.0.iso build,

Hey Tomas, could it be that the build on 6.6 is also missing the relevant patches?


> so could you help us clone this bug to 3.4.z?

Chen,

Comment 8 Ryan Barry 2014-10-28 13:13:33 UTC
The symptoms are exactly the same, at least. Works over HTTP, doesn't work over HTTPS (501).

The SElinux changes will also be needed for 6.6. All the required types are present, at least, so it should be easy to pull back.

Comment 9 Fabian Deutsch 2014-10-28 13:15:21 UTC
(pressed return on half the way)

Chen, I agreed with Ying that a new bug will be created to track the issue on 6.6

Comment 10 Fabian Deutsch 2014-10-28 13:17:27 UTC
(In reply to Ryan Barry from comment #8)
> The symptoms are exactly the same, at least. Works over HTTP, doesn't work
> over HTTPS (501).
> 
> The SElinux changes will also be needed for 6.6. All the required types are
> present, at least, so it should be easy to pull back.

Because it's on 3.5 / 6.6 we'll not need to backport the selinux changes, because we are using the same node version on both platforms for 3.5

Comment 11 Fabian Deutsch 2014-10-28 13:22:51 UTC
(In reply to Fabian Deutsch from comment #10)
> (In reply to Ryan Barry from comment #8)
> > The symptoms are exactly the same, at least. Works over HTTP, doesn't work
> > over HTTPS (501).
> > 
> > The SElinux changes will also be needed for 6.6. All the required types are
> > present, at least, so it should be easy to pull back.
> 
> Because it's on 3.5 / 6.6 we'll not need to backport the selinux changes,
> because we are using the same node version on both platforms for 3.5

Correcting myself.
As noted in comment 6 it's happening on 6.6 with 3.4.z
So we need the package update and need to backport the selinux fixes.

Comment 12 cshao 2014-10-29 10:42:51 UTC
(In reply to Fabian Deutsch from comment #9)
> (pressed return on half the way)
> 
> Chen, I agreed with Ying that a new bug will be created to track the issue
> on 6.6

Bug 1158412 - [rhevh6.5 for 3.4.z] CIM funtion doesn't work

Done :)

Comment 13 Tomáš Bžatek 2014-10-29 11:51:38 UTC
(In reply to Fabian Deutsch from comment #7)
> Hey Tomas, could it be that the build on 6.6 is also missing the relevant
> patches?

I have no idea about RHEL6 sblim-sfcb plans. Please contact respective owner of the component, Vitezslav Crhonek <vcrhonek>.

Comment 14 Ying Cui 2014-10-29 13:35:51 UTC
(In reply to shaochen from comment #12)
> (In reply to Fabian Deutsch from comment #9)
> > (pressed return on half the way)
> > 
> > Chen, I agreed with Ying that a new bug will be created to track the issue
> > on 6.6
> 
> Bug 1158412 - [rhevh6.5 for 3.4.z] CIM funtion doesn't work
here should be [rhevh6.6 for 3.4.z] not 6.5, typo here. I have updated bug 1158412 yet. Thanks.

Comment 15 Fabian Deutsch 2014-10-30 11:48:46 UTC
Vitezslav, can you tell if this bug is caused because the 6.6 build is missing some patches or does not support https?

Comment 16 Vitezslav Crhonek 2014-11-04 10:32:05 UTC
Probably answered in https://bugzilla.redhat.com/show_bug.cgi?id=1156093#c3

sfcb should support http and https.

Comment 17 Fabian Deutsch 2014-11-27 05:48:53 UTC
We need to wait until bug 1102477 is fixed until we can verify this bug.

Comment 19 Fabian Deutsch 2015-01-07 14:47:10 UTC
(In reply to Fabian Deutsch from comment #17)
> We need to wait until bug 1102477 is fixed until we can verify this bug.

No, because this bug is for RHEV-H 7.0. Moving to ON_QA

Comment 20 wanghui 2015-01-08 06:45:14 UTC
Test version:
rhev-hypervisor7-7.0-20150106.0.el7ev
ovirt-node-3.1.0-0.40.20150105git69f34a6.el7.noarch
ovirt-node-plugin-cim-3.1.0-0.40.20150105git69f34a6.el7.noarch
sblim-sfcb-1.3.16-11.el7.x86_64

Test steps:
1. Install rhev-hypervisor7-7.0-20150106.0.el7ev
2. Enabled network
3. Configure CIM in TUI with setting password as 'redhat'
4. Check CIM function from remote(RHEL6.5) through https as follows.
#wbemcli ein -noverify https://cim:redhat@192.168.15.10/root/virt:KVM_VirtualSystemManagementService
5. Check CIM function from remote(RHEL6.5) through http as follows.
#wbemcli ein -noverify http://cim:redhat@192.168.15.10/root/virt:KVM_VirtualSystemManagementService

Test result:
1. After step4, the output is as follows.
#wbemcli ein -noverify https://cim:redhat@192.168.15.10/root/virt:KVM_VirtualSystemManagementService
*
* wbemcli: Http Exception: Invalid username/password.
*
2. After step5, the output is as follows.
# wbemcli ein -noverify http://cim:redhat@192.168.15.10/root/virt:KVM_VirtualSystemManagementService
*
* wbemcli: Http Exception: Couldn't connect to server
*

So this issue is not fixed in rhev-hypervisor7-7.0-20150106.0.el7ev. Change the status from ON_QA to Assigned.

Comment 21 Ryan Barry 2015-01-08 14:28:03 UTC
This should not have been ON_QA.

The appropriate EL7 bug blocking it is bz#1166044, which is currently ON_QA, but there's no released package we can include yet.

Comment 22 Ryan Barry 2015-01-08 20:23:16 UTC
Builds with fixed CIM packages revealed another selinux denial, after which CIM works as expected.

Patch is pending upstream. New images will be available tomorrow. If I have time today, I'll try to get a scratch build out for testing.

Comment 23 wanghui 2015-01-13 07:18:26 UTC
Test version:
rhev-hypervisor7-7.0-20150112.0.el7ev
ovirt-node-3.1.0-0.42.20150109gitd06b7c5.el7.noarch
sblim-sfcb-1.3.16-12.el7_0.x86_64

Test steps:
1. Install rhev-hypervisor7-7.0-20150112.0.el7ev
2. Enabled network
3. Configure CIM in TUI with setting password as 'redhat'
4. Check CIM function from remote(RHEL7.0) through https as follows.
#wbemcli ein -noverify https://cim:redhat@192.168.15.198/root/virt:KVM_VirtualSystemManagementService

Test result:
1. After step4, the output is as follows.
# wbemcli ein -noverify https://cim:redhat@192.168.15.198/root/virt:KVM_VirtualSystemManagementService

192.168.15.198:5989/root/virt:KVM_VirtualSystemManagementService.SystemCreationClassName="KVM_HostSystem",SystemName="unknown",CreationClassName="KVM_VirtualSystemManagementService",Name="Management Service"

So this issue is fixed in rhev-hypervisor7-7.0-20150112.0.el7ev. Change the status from ON_QA to Verified.

Comment 25 errata-xmlrpc 2015-02-11 21:00:13 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2015-0160.html