Bug 1175076

Summary: virt-who crashes when ecryption key doesn't exist
Product: Red Hat Enterprise Linux 7 Reporter: Liushihui <shihliu>
Component: virt-whoAssignee: Radek Novacek <rnovacek>
Status: CLOSED ERRATA QA Contact: Li Bin Liu <liliu>
Severity: medium Docs Contact:
Priority: high    
Version: 7.1CC: gxing, ovasik, sgao
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: All   
Whiteboard:
Fixed In Version: virt-who-0.14-1.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1208029 1221027 (view as bug list) Environment:
Last Closed: 2015-11-19 11:55:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1205796, 1208029, 1221027    

Description Liushihui 2014-12-17 05:56:40 UTC 
Description of problem:
If it hasn't generated decrypted file with "virt-who-password", then configure virt-who with encrypted_password, it will result in "failed to start virt-who service "

Version-Release number of selected component (if applicable):
subscription-manager-1.13.9-1.el7.x86_64
python-rhsm-1.13.8-1.el7.x86_64
virt-who-0.11-4.el7.noarch
katello-headpin-1.4.3.28-1.el6sam_splice.noarch
candlepin-0.9.6.5-1.el6sam.noarch

How reproducible:
Always

Steps to Reproduce:
1. Register rhel to sam server, then configure virt-who run at rhevm and esx mode as the following:
[root@hp-z220-06 virt-who.d]# cat /etc/sysconfig/virt-who
VIRTWHO_BACKGROUND=1
VIRTWHO_DEBUG=1
VIRTWHO_INTERVAL=2
VIRTWHO_RHEVM_OWNER=ACME_Corporation
VIRTWHO_RHEVM_ENV=Library
VIRTWHO_RHEVM_SERVER=https://10.66.79.77:443
VIRTWHO_RHEVM_USERNAME=admin@internal
VIRTWHO_RHEVM_PASSWORD=redhat

[root@hp-z220-06 virt-who.d]# cat /etc/virt-who.d/virt-who
[test-esx1]
type=esx
server=10.66.78.75
username=Administrator
#password=qwer1234P!
encrypted_password=43f282d679adb816f2bb1cf9c18949ec
owner=ACME_Corporation
env=Library

2. Restart virt-who service
[root@hp-z220-06 virt-who.d]# systemctl restart virt-who
[root@hp-z220-06 virt-who.d]# systemctl status virt-who
virt-who.service - Daemon for reporting virtual guest IDs to subscription-manager
   Loaded: loaded (/usr/lib/systemd/system/virt-who.service; disabled)
   Active: failed (Result: exit-code) since Wed 2014-12-17 11:28:14 CST; 9s ago
  Process: 17497 ExecStart=/usr/bin/virt-who (code=exited, status=1/FAILURE)
 Main PID: 17497 (code=exited, status=1/FAILURE)

Dec 17 11:28:14 hp-z220-06.qe.lab.eng.nay.redhat.com systemd[1]: Started Daemon for reporting virtual guest IDs to subscription-manager.
Dec 17 11:28:14 hp-z220-06.qe.lab.eng.nay.redhat.com python[17497]: Fatal error:
Dec 17 11:28:14 hp-z220-06.qe.lab.eng.nay.redhat.com python[17497]: Fatal error:
Dec 17 11:28:14 hp-z220-06.qe.lab.eng.nay.redhat.com systemd[1]: virt-who.service: main process exited, code=exited, status=1/FAILURE
Dec 17 11:28:14 hp-z220-06.qe.lab.eng.nay.redhat.com systemd[1]: Unit virt-who.service entered failed state.

3. Check the rhsm log 
2014-12-17 11:29:24,681 [ERROR]  @virtwho.py:480 - Fatal error:
Traceback (most recent call last):
  File "/usr/share/virt-who/virtwho.py", line 475, in <module>
    main()
  File "/usr/share/virt-who/virtwho.py", line 434, in main
    _main(logger, options)
  File "/usr/share/virt-who/virtwho.py", line 445, in _main
    virtWho = VirtWho(logger, options)
  File "/usr/share/virt-who/virtwho.py", line 81, in __init__
    self.configManager = ConfigManager()
  File "/usr/share/virt-who/config.py", line 147, in __init__
    self._readConfig()
  File "/usr/share/virt-who/config.py", line 153, in _readConfig
    config = Config.fromParser(section, self._parser)
  File "/usr/share/virt-who/config.py", line 87, in fromParser
    password = Password.decrypt(unhexlify(crypted))
  File "/usr/share/virt-who/password/__init__.py", line 72, in decrypt
    key, iv = cls._read_key_iv()
  File "/usr/share/virt-who/password/__init__.py", line 85, in _read_key_iv
    raise InvalidKeyFile(str(e))
InvalidKeyFile: [Errno 2] No such file or directory: '/var/lib/virt-who/key'


Actual results:
Failed to start virt-who service as "No such file or directory: '/var/lib/virt-who/key'"

Expected results:
virt-who should still run normally, it should send the rhevm host/guest associate(configured on /etc/sysconfig/virt-who) to SAM server, Meanwhile, it won't send esx host/guest associate to SAM server (configured on /etc/sysconfig/virt-who) but show the error log.

Additional info:
Comment 2 Radek Novacek 2014-12-17 08:35:50 UTC 
Do I understand it correctly that you've encrypted the password on different machine than it's used on?

There is no solution for this issue, the encrypted password is bound to the key it was created with. You'll have to copy the key to the target machine.

On the other hand, virt-who should only print an error but shouldn't crash. Let's use this bug to track fixing it.
Comment 3 Liushihui 2014-12-26 08:29:05 UTC 
Configure len(encrypted_password)!=32bit(encrypted_password=111111) , it also has the same problem. please see the virt-who's log as the following:
2014-12-26 15:46:55,495 [ERROR]  @virtwho.py:480 - Fatal error:
Traceback (most recent call last):
  File "/usr/share/virt-who/virtwho.py", line 475, in <module>
    main()
  File "/usr/share/virt-who/virtwho.py", line 434, in main
    _main(logger, options)
  File "/usr/share/virt-who/virtwho.py", line 445, in _main
    virtWho = VirtWho(logger, options)
  File "/usr/share/virt-who/virtwho.py", line 81, in __init__
    self.configManager = ConfigManager()
  File "/usr/share/virt-who/config.py", line 147, in __init__
    self._readConfig()
  File "/usr/share/virt-who/config.py", line 153, in _readConfig
    config = Config.fromParser(section, self._parser)
  File "/usr/share/virt-who/config.py", line 87, in fromParser
    password = Password.decrypt(unhexlify(crypted))
  File "/usr/share/virt-who/password/__init__.py", line 73, in decrypt
    return cls._unpad(cls._crypt(cls.DECRYPT, key, iv, enc))
  File "/usr/share/virt-who/password/__init__.py", line 62, in _crypt
    outf.write(cipher.final())
  File "/usr/lib64/python2.7/site-packages/M2Crypto/EVP.py", line 128, in final
    return m2.cipher_final(self.ctx)
EVPError: data not multiple of block length
2014-12-26 15:46:55,495 [ERROR]  @virtwho.py:480 - Fatal error:
Traceback (most recent call last):
  File "/usr/share/virt-who/virtwho.py", line 475, in <module>
    main()
  File "/usr/share/virt-who/virtwho.py", line 434, in main
    _main(logger, options)
  File "/usr/share/virt-who/virtwho.py", line 445, in _main
    virtWho = VirtWho(logger, options)
  File "/usr/share/virt-who/virtwho.py", line 81, in __init__
    self.configManager = ConfigManager()
  File "/usr/share/virt-who/config.py", line 147, in __init__
    self._readConfig()
  File "/usr/share/virt-who/config.py", line 153, in _readConfig
    config = Config.fromParser(section, self._parser)
  File "/usr/share/virt-who/config.py", line 87, in fromParser
    password = Password.decrypt(unhexlify(crypted))
  File "/usr/share/virt-who/password/__init__.py", line 73, in decrypt
    return cls._unpad(cls._crypt(cls.DECRYPT, key, iv, enc))
  File "/usr/share/virt-who/password/__init__.py", line 62, in _crypt
    outf.write(cipher.final())
  File "/usr/lib64/python2.7/site-packages/M2Crypto/EVP.py", line 128, in final
    return m2.cipher_final(self.ctx)
EVPError: data not multiple of block length

[Note]: If the len(encrypted_password)=32bit, it won't occur this problem.virt-who can run normally but show some error log
Comment 5 Radek Novacek 2015-04-14 05:57:44 UTC 
This bug is resolved upstream and will be fixed by virt-who rebase (bug 1200374).
Comment 6 Radek Novacek 2015-06-23 13:32:28 UTC 
Fixed in virt-who-0.14-1.el7.
Comment 8 Liushihui 2015-07-15 08:41:56 UTC 
verified it on virt-who-0.14-1.el7.noarch. 

Verified version:
virt-who-0.14-1.el7.noarch
subscription-manager-1.15.5-1.el7.x86_64
python-rhsm-1.15.3-1.el7.x86_64

Verified process:
1.When encrypted and decrypted password doesn't exist, failed to start virt-who service and it will show error log in /var/log/rhsm/rhsm.log as the following:
[root@hp-z220-05 ~]# systemctl retart virt-who 
2015-07-15 15:46:56,952 [ERROR]  @virtwho.py:550 - [Errno 2] No such file or directory: '/var/lib/virt-who/key'

2. When password or key is broken (wrong length), still failed to start virt-who service and it will show error log in /var/log/rhsm/rhsm.log as the folllowing:
2015-07-15 16:38:18,128 [ERROR]  @virtwho.py:550 - Password can't be decrypted, possibly corrupted
Comment 9 errata-xmlrpc 2015-11-19 11:55:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2370.html