Bug 1210248
Summary: | Add 'admin' key to [ovirt] .vv file section
---|---
Product: | Red Hat Enterprise Linux 7
Reporter: | Christophe Fergeau <cfergeau>
Component: | virt-viewer
Assignee: | Virt Viewer Maint <virt-viewer-maint>
Status: | CLOSED ERRATA
QA Contact: | Virtualization Bugs <virt-bugs>
Severity: | unspecified
Docs Contact: |
Priority: | unspecified
Version: | 7.2
CC: | cfergeau, dblechte, jjongsma, juzhou, mzhan, rbalakri, tzheng, xiaodwan
Target Milestone: | rc
Target Release: | 7.2
Hardware: | Unspecified
OS: | Unspecified
Whiteboard: |
Fixed In Version: | virt-viewer-2.0-2.el7
Doc Type: | Bug Fix
Doc Text: | No doc needed
Story Points: | ---
Clone Of: |
: | 1289969
Environment: |
Last Closed: | 2015-11-19 07:36:23 UTC
Type: | Bug
Regression: | ---
Mount Type: | ---
Documentation: | ---
CRM: |
Verified Versions: |
Category: | ---
oVirt Team: | ---
RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | ---
Target Upstream Version: |
Embargoed: |
Bug Depends On: |
Bug Blocks: | 1289969
Attachments: |

Description
Christophe Fergeau
2015-04-09 09:38:22 UTC

Try to verify this bug with new build:
libgovirt-0.3.3-1.el7.x86_64
virt-viewer-2.0-6.el7.x86_64

RHEVM server: 3.6.0
rhevm-3.6.0-0.11.master.el6.noarch

Steps:
Scenario 1: Using a guest that is visible in admin portal but isn't visible in user portal

1. Prepare a running guest on rhevm server, "Permissions" setting for guest is like "Screenshot-1".
guest name: juzhou-rhel6

2. Download guest file "console.vv" to check 'admin' field in the [ovirt] section of .vv files

2.1 Right-click on this guest and select "Console Options" item, then select Console Invocation as "Native client".

2.2. Click the guest and select "Console" item, then save the console file "console.vv" to local machine.

2.3. Open file console.vv check the 'admin' field in the [ovirt] section
# cat console.vv
...

[ovirt]
host=10.66.72.27
vm-guid=38e8d75c-1825-4c7a-b72d-7c9953fd96f4
jsessionid=SXFVYqzEbU4cS+gykDYQCaYX
admin=1----------------------------------------------->>added

3. Connect to this guest:
# remote-viewer --ovirt-ca-file=ca.crt ovirt://$rhevm hostname/juzhou-rhel6
username:admin@internal
password:****

Result:
After step 3: After input user/passwd, an error box pops up:
Couldn't open oVirt session: No virtual machine found
can exit after click "OK" button.
But I can access to guest via #remote-viewer console.vv way.

Q1: Since there is no user list in guest "Permission" menu, so can we connect to this guest using empty user/passwd when using ovirt session?

Scenario 2: Using a guest that is visible in admin portal and also visible in user portal

1. Prepare a running guest on rhevm server, "Permissions" setting for guest is like "Screenshot-2".
guest name: juzhou-rhel6-permission

2. Download guest console.vv file and check:
In admin portal:
# cat console.vv
[ovirt]
host=10.66.72.27
vm-guid=97ca17af-2fd0-44f8-9394-f21f6b37494e
jsessionid=SXFVYqzEbU4cS+gykDYQCaYX
admin=1-------------------------------------------->>added

In user portal:
# cat console.vv
[ovirt]
host=10.66.72.27
vm-guid=97ca17af-2fd0-44f8-9394-f21f6b37494e
jsessionid=5P4J2jtDrp1sw3q6Dq4kiNU9
admin=1-------------------------------------------->>added

3. Connect to this guest:
# remote-viewer --ovirt-ca-file=ca.crt ovirt://$rhevm hostname/juzhou-rhel6-permission
username:admin@internal
password:****

Result: Can access to guest after input username and password.

so Christophe Fergeau, please help me check whether my steps are right or not, and also please help have a look at my question.

(In reply to zhoujunqin from comment #3)
> Try to verify this bug with new build:
> libgovirt-0.3.3-1.el7.x86_64
> virt-viewer-2.0-6.el7.x86_64
>
> RHEVM server: 3.6.0
> rhevm-3.6.0-0.11.master.el6.noarch
>
> Steps:
> Scenario 1: Using a guest that is visible in admin portal but isn't visible in
> user portal
>
> 1. Prepare a running guest on rhevm server, "Permissions" setting for guest
> is like "Screenshot-1".
> guest name: juzhou-rhel6
>
> 2. Download guest file "console.vv" to check 'admin' field in the [ovirt]
> section of .vv files
>
> 2.1 Right-click on this guest and select "Console Options" item, then select
> Console Invocation as "Native client".
>
> 2.2. Click the guest and select "Console" item, then save the console file
> "console.vv" to local machine.
>
> 2.3. Open file console.vv check the 'admin' field in the [ovirt] section
> # cat console.vv
> ...
>
> [ovirt]
> host=10.66.72.27
> vm-guid=38e8d75c-1825-4c7a-b72d-7c9953fd96f4
> jsessionid=SXFVYqzEbU4cS+gykDYQCaYX
> admin=1----------------------------------------------->>added
>
> 3. Connect to this guest:
> # remote-viewer --ovirt-ca-file=ca.crt ovirt://$rhevm hostname/juzhou-rhel6
> username:admin@internal
> password:****
>
> Result:
> After step 3: After input user/passwd, an error box pops up:
> Couldn't open oVirt session: No virtual machine found
> can exit after click "OK" button.
> But I can access to guest via #remote-viewer console.vv way.
>
> Q1: Since there is no user list in guest "Permission" menu, so can we
> connect to this guest using empty user/passwd when using ovirt session?
>
>
> Scenario 2: Using a guest that is visible in admin portal and also visible in
> user portal
>
> 1. Prepare a running guest on rhevm server, "Permissions" setting for guest
> is like "Screenshot-2".
> guest name: juzhou-rhel6-permission
>
> 2. Download guest console.vv file and check:
> In admin portal:
> # cat console.vv
> [ovirt]
> host=10.66.72.27
> vm-guid=97ca17af-2fd0-44f8-9394-f21f6b37494e
> jsessionid=SXFVYqzEbU4cS+gykDYQCaYX
> admin=1-------------------------------------------->>added
>
> In user portal:
> # cat console.vv
> [ovirt]
> host=10.66.72.27
> vm-guid=97ca17af-2fd0-44f8-9394-f21f6b37494e
> jsessionid=5P4J2jtDrp1sw3q6Dq4kiNU9
> admin=1-------------------------------------------->>added
>
>
> 3. Connect to this guest:
> # remote-viewer --ovirt-ca-file=ca.crt ovirt://$rhevm
> hostname/juzhou-rhel6-permission
> username:admin@internal
> password:****
>
> Result: Can access to guest after input username and password.
>
> so Christophe Fergeau, please help me check whether my steps are right or
> not, and also please help have a look at my question.

Hi,

Christophe is on PTO and will be back next week on Aug 24th.

Thanks,
David

Hi David, thanks for your information.

Created attachment 1065064
Screenshot-1
Created attachment 1065065
Screenshot-2

For scenario #1, I'd compare what happens when admin=1 and admin=0 are used in the .vv file, admin=0 should fail.
For scenario #2, I'd also try both admin=0 and admin=1 (and I guess both would work).
I would also try scenario #2 with a user who cannot connect as an admin.

(In reply to zhoujunqin from comment #3)
> Q1: Since there is no user list in guest "Permission" menu, so can we
> connect to this guest using empty user/passwd when using ovirt session?

If this "permission" menu is an oVirt menu in its web interface, I don't know

(In reply to Christophe Fergeau from comment #8)
> For scenario #1, I'd compare what happens when admin=1 and admin=0 are used
> in the .vv file, admin=0 should fail.

I tried again: after downloading the .vv file, I changed admin=1 to admin=0, and then I can also connect to the guest with:
#remote-viewer console.vv
Is this correct?

> For scenario #2, I'd also try both admin=0 and admin=1 (and I guess both
> would work).

I get the same result as you.

> I would also try scenario #2 with a user who cannot connect as an admin.

It all depends on how things look in RHEV web UIs. If a VM can be seen by a given user both in admin portal and in user portal, then admin=0/1 should not make a difference.
If a VM cannot be seen by the user in the user portal and they can log in as an admin, then admin=1 should work, and admin=0 should fail.
If the user cannot login as an admin, and they can see the VM in the user portal, then admin=1 should fail, and admin=0 should work.

As usual I got confused about VM access VS foreign menu. admin=0/1 should only impact foreign menu in remote-viewer

non-admin user with admin=1 should give no foreign menu
admin user with VM they can't see in the user portal should give no foreign menu with admin=0
non-admin user with admin=0 should give foreign menu with a VM they can see in the user portal
admin user with admin=1 should give foreign menu with VM they can see in the admin portal.

First, thanks for teuf's kind help, I understand this function well now.
And try to verify this bug again with package:
virt-viewer-2.0-6.el7.x86_64
libgovirt-0.3.3-1.el7.x86_64

Steps:
Scenario 1: Using a guest that is visible in admin portal but isn't visible in user portal (VM permission setting like screenshot-1)

1. Download ca.crt file and then do "trust anchor ca.crt" as root
# wget -k https://dell-op780-05.qe.lab.eng.nay.redhat.com/ca.crt
# trust anchor ca.crt

2. Download guest file "console.vv" to check 'admin' field in the [ovirt] section of .vv files

2.1 Login rhevm server with rhevm hostname instead of ip, right-click on this guest and select "Console Options" item, then select Console Invocation as "Native client".

2.2. Click the guest and select "Console" item, then save the console file "console.vv" to local machine.

2.3. Open file console.vv check the 'admin' field in the [ovirt] section
# cat console.vv
...
[ovirt]
host=dell-op780-05.qe.lab.eng.nay.redhat.com
vm-guid=38e8d75c-1825-4c7a-b72d-7c9953fd96f4
jsessionid=xmhCoeXUUSsQbAuE5D0EHg4B
admin=1--------------------------------------------->added

3. Use remote-viewer launch guest:
# remote-viewer console.vv

4. Reconnect to guest again with modify admin=0 in .vv file

Result:
Setting admin=1, guest can be launched and can see foreign menu "Change CD".
But while admin=0, guest can be launched but cannot see foreign menu.

As for needing the trust anchor, I filed a separate bug 1257886 to track it.

Created attachment 1068591
Screenshot-3
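
The verification above edits the admin key of console.vv by hand; the following added example (not part of the bug report and not virt-viewer code) does the same edit programmatically and can mask jsessionid, which is a session identifier, before a .vv file is pasted into a report. It assumes the file parses as an INI-style key file with Python's configparser, that a missing admin key means 0, and the sample values are constructed placeholders; a hand-annotated value such as the `admin=1---->>added` lines quoted in this thread is rejected.

```python
import configparser
import io

# Constructed sample modelled on the [ovirt] section quoted in this report;
# host, GUID and session id are placeholders, not values from the bug.
SAMPLE_VV = """\
[virt-viewer]
type=spice

[ovirt]
host=engine.example.test
vm-guid=00000000-0000-0000-0000-000000000000
jsessionid=CONSTRUCTEDSESSIONID
admin=1
"""

def load_vv(text):
    """Parse .vv text as an INI-style key file, keeping key case and raw values."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str
    cp.read_string(text)
    if not cp.has_section("ovirt"):
        raise ValueError("no [ovirt] section")
    return cp

def admin_flag(cp):
    """Return the admin key as a bool. Treating a missing key as 0 is an assumption."""
    raw = cp.get("ovirt", "admin", fallback="0").strip()
    if raw not in ("0", "1"):
        raise ValueError(f"unexpected admin value: {raw!r}")
    return raw == "1"

def variant(text, admin, redact=False):
    """Copy of the file with admin forced to 0/1; redact=True also masks
    jsessionid so the copy can be attached to a report."""
    cp = load_vv(text)
    admin_flag(cp)  # reject hand-annotated or malformed values first
    cp.set("ovirt", "admin", "1" if admin else "0")
    if redact and cp.has_option("ovirt", "jsessionid"):
        cp.set("ovirt", "jsessionid", "REDACTED")
    out = io.StringIO()
    cp.write(out, space_around_delimiters=False)
    return out.getvalue()

if __name__ == "__main__":
    print(variant(SAMPLE_VV, admin=False, redact=True))
```
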

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2211.html