Bug 1169338

Summary: move set-saslpasswd for libvirt to configurator
Product: Red Hat Enterprise Virtualization Manager Reporter: Yaniv Bronhaim <ybronhei>
Component: vdsmAssignee: Yaniv Bronhaim <ybronhei>
Status: CLOSED ERRATA QA Contact: Petr Kubica <pkubica>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.5.0CC: bazulay, danken, gklein, lpeer, lsurette, oourfali, ybronhei, yeylon, ykaul, ylavi
Target Milestone: ovirt-3.6.0-rc   
Target Release: 3.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-03-09 19:27:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1122570    

Description Yaniv Bronhaim 2014-12-01 11:40:50 UTC 
Description of problem:
To fix Bug #1168689 for 3.5 we moved the set-saslpasswd call to pre-start scripts. To not run it on each start, this should be moved to configurator as part of vdsm configuration for external services.
Comment 2 Yaniv Bronhaim 2015-06-16 07:56:38 UTC 
"vdsm-tool configure --module passwd" - Is now the command that set the password required for vdsm to communicate with libvirt (for user ovirt@vdsm in virsh. same in rhevm) - vdsm won't run it during installation time but require manual or host-deploy to run the vdsm-tool configure command for that


vdsm-tool remove-config --module passwd - you can remove the user configuration (vdsm does calls vdsm-tool remove-config during uninstall, means that the user should not exist after vdsm removal).

With the command "sasldblistuser2 -f /etc/libvirt/passwd.db" - you check that user vdsm@ovirt exists and configured and you can also try using virsh to check that the user is configured properly . the removal is also important.
Comment 3 Petr Kubica 2015-06-22 16:33:32 UTC 
If I understand it correctly, it should be the password for user vdsm@ovirt the same as password for admin@internal in rhevm after "vdsm-tool configure --module passwd" ?
Comment 4 Yaniv Bronhaim 2015-06-23 14:14:08 UTC 
no. its the password and username you use to connect to libvirt - use "virsh list", it will prompt for authentication
Comment 5 Petr Kubica 2015-06-25 08:39:10 UTC 
Verified in vdsm-4.17.0-1011.git32a7630.el7

[root@vh1 ~]# sasldblistusers2 -f /etc/libvirt/passwd.db
vdsm@ovirt: userPassword
[root@vh1 ~]# vdsm-tool remove-config --module passwd
[root@vh1 ~]# sasldblistusers2 -f /etc/libvirt/passwd.db
[root@vh1 ~]# virsh list
Please enter your authentication name: vdsm@ovirt
Please enter your password: 
error: failed to connect to the hypervisor
error: no valid connection
error: authentication failed: authentication failed

[root@vh1 ~]# vdsm-tool configure --module passwd

Checking configuration status...


Running configure...
Reconfiguration of passwd is done.

Done configuring modules to VDSM.
[root@vh1 ~]# sasldblistusers2 -f /etc/libvirt/passwd.db
vdsm@ovirt: userPassword
[root@vh1 ~]# virsh list
Please enter your authentication name: vdsm@ovirt
Please enter your password: 
 Id    Jméno                         Stav
----------------------------------------------------
Comment 7 errata-xmlrpc 2016-03-09 19:27:25 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0362.html