Bug 1229235
Summary: | "RestlibException: Access denied" when configure virt-who with "rhsm_username and rhsm_password" | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Liushihui <shihliu> | ||||||
Component: | API | Assignee: | Tom McKay <tomckay> | ||||||
Status: | CLOSED WORKSFORME | QA Contact: | Katello QA List <katello-qa-list> | ||||||
Severity: | high | Docs Contact: | |||||||
Priority: | high | ||||||||
Version: | 6.0.0 | CC: | bbuckingham, bkearney, hsun, jalviso, ldai, psagat, rbalakri, sgao, shihliu, snemeth, sthirugn, yuefliu | ||||||
Target Milestone: | Unspecified | Keywords: | Triaged | ||||||
Target Release: | Unused | ||||||||
Hardware: | x86_64 | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | |||||||||
: | 1246976 (view as bug list) | Environment: | |||||||
Last Closed: | 2016-10-17 02:36:13 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 1246976 | ||||||||
Attachments: |
|
Description
Liushihui
2015-06-08 10:16:22 UTC
this issue can be duplicated for SAM 1.4.1 and the error log message as following: 2 015-07-14 09:15:48,989 [ERROR] @virtwho.py:123 - Error in communication with subscription manager: Traceback (most recent call last): File "/usr/share/virt-who/virtwho.py", line 105, in send File "/usr/share/virt-who/virtwho.py", line 134, in _sendGuestAssociation File "/usr/share/virt-who/manager/subscriptionmanager/subscriptionmanager.py", line 134, in hypervisorCheckIn File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 815, in hypervisorCheckIn File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 605, in request_post File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 530, in _request File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 572, in validateResponse RestlibException: User admin is not allowed to access api/v1/systems/hypervisors_update It looks like the user that is specified in the rhsm_username parameter does not have necessary permissions to use hypervisor_update call. What permissions does the user have? Is it possible to register system with given credentials? hi Radek, Environment: - RHEV-H-vdsm6-6.7-20150707.0 - RHEVM-3.5.4-1.1 (VDSM mode) - SAM-1.4.1-RHEL-6-20141113.0 (admin / admin) Packages: - virt-who-0.12-10.el6.noarch - python-rhsm-1.14.3-1.el6.x86_64 - subscription-manager-1.14.10-1.el6.x86_64 virt-who config: [test-esx] type=esx server=10.66.78.89 username=Administrator password=qwer1234P! owner=ACME_Corporation env=Library rhsm_username=admin rhsm_password=admin can register to sam server successfully # subscription-manager register --username=admin --password=admin The system has been registered with ID: cd9555d7-95b0-43b6-8b0f-b248ca81dbb5 There is nothing virt-who can do about it. It looks like the user you're trying to use doesn't have some necessary privilege that would allow him to use this "api/v1/systems" API. Can someone from candlepin team tell us how should the user be configured to be allowed to use this API? Then I'll add a notice about it to virt-who manual page. Created attachment 1082639 [details]
candle_pin log in SAM
Created attachment 1082640 [details]
katello_production log in SAM
I am going to guess that the user just upgraded to Satellite 6.1, Is that correct? If so can you confirm if the prefix setting in /etc/rhsm/rhsm.conf is set to "/rhsm". If not, please change this and re-try. Please also double check that the rhsm_prefix is not overriding this in the /etc/virt-who.d configuration. -- bk Yes, RHEL7.2 system registered to Satellite-6.1.0-RHEL-7-20150828.0,. the prefix=/rhsm in /etc/rhsm/rhsm.conf. the rhsm_profix is not overriding this in the /etc/virt-who/XXX [root@hp-z220-10 ~]# cat /etc/rhsm/rhsm.conf | grep -v ^# | grep -v ^$ [server] hostname = intel-waimeabay-hedt-01.ml3.eng.bos.redhat.com prefix = /rhsm port = 443 insecure = 0 ssl_verify_depth = 3 proxy_hostname = proxy_port = proxy_user = proxy_password = [rhsm] baseurl= https://intel-waimeabay-hedt-01.ml3.eng.bos.redhat.com/pulp/repos ca_cert_dir = /etc/rhsm/ca/ repo_ca_cert = %(ca_cert_dir)skatello-server-ca.pem productCertDir = /etc/pki/product entitlementCertDir = /etc/pki/entitlement consumerCertDir = /etc/pki/consumer manage_repos = 1 full_refresh_on_yum = 1 report_package_profile = 1 pluginDir = /usr/share/rhsm-plugins pluginConfDir = /etc/rhsm/pluginconf.d [rhsmcertd] certCheckInterval = 240 autoAttachInterval = 1440 [root@hp-z220-10 ~]# cat /etc/virt-who.d/virtwho [test-hyperv1] type=hyperv server=http://10.66.128.9 username=Administrator encrypted_password=7430ce339e913ecfb2663d33d74b4bfa owner=ACME_Corporation env=Library rhsm_username=admin rhsm_password=admin *** Bug 1295654 has been marked as a duplicate of this bug. *** *** Bug 1246976 has been marked as a duplicate of this bug. *** Verified the bug and got info as below: 1.Don't create "ACME_Corporation" organization in satellite6.2 server, will register rhel7.3 host to the server's default organization by auto. Then configure virt-who-config file with "owner=Default_Organization", virt-who can send h/g mapping info to server successfully with rhsm username and password. But configure virt-who-config file with "owner=ACME_Corporation", the bug will reproduce with rhsm username and password. 2.Create a new "ACME_Corporation" organization in satellite6.2 server, can register rhel7.3 to the new or default organization by selection, if change to register to the other organization, must delete the host info from before one. Then configure virt-who-config file with "owner=Default_Organization", virt-who can send h/g mapping info to default organizaiton successfully with rhsm username and password. Change owner to "owner=ACME_Corporation", virt-who can also send h/g mapping info successfully to the new organization, no need to delete the hypervisor info from before one, and it can be listed to both the two organizations. Environment: -RHEL Build: RHEL-7.3-20161005.0-Server-x86_64 -Satellite Server: Satellite6.2.3-20161007.0 (10.73.3.245) Packages: -virt-who-0.17-10.el7.noarch -subscription-manager-1.17.15-1.el7.x86_64 -python-rhsm-1.17.9-1.el7.x86_64 virt-who config: [test-libvirt] type=libvirt server=qemu+ssh://10.66.144.10/system username=root password=redhat2016 owner=Default_Organization/ACME_Corporation env=Library rhsm_username=admin rhsm_password=admin According to comment 22, virt-who can send correct h/g mapping info to satellite after setting correct "owner", "rhs_username and rhsm_password". Therefore, closed it on Satellite-6.2.0-RHEL-7-20161007.0. |