Bug 1275913

Summary: Smart State Analysis on VMware fails with non-root user with Admin Privileges
Product: Red Hat CloudForms Management Engine Reporter: Prasad Mukhedkar <pmukhedk>
Component: SmartState AnalysisAssignee: Hui Song <hsong>
Status: CLOSED WONTFIX QA Contact: Satyajit Bulage <sbulage>
Severity: high Docs Contact:
Priority: high    
Version: 5.4.0CC: fdewaley, jhardy, jprause, obarenbo, pmukhedk, roliveri, sshveta, tcarlin
Target Milestone: GA   
Target Release: 5.6.0   
Hardware: x86_64   
OS: Linux   
Whiteboard: smartstate:vmware:retest
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1290168 (view as bug list) Environment:
Last Closed: 2016-06-27 16:23:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1290168    

Description Prasad Mukhedkar 2015-10-28 06:14:29 UTC 
Description of problem:

Smart state analysis on vmware VMs fails with non-root user having 
"Administrator" role - the same role as root has assigned.

 
- When running SSA as a non-root user (in this case "evm" is the username) I get this:
 http://pastebin.test.redhat.com/322853

- Running as root, in the same part of the logs where this happens for evm, I see this:
 And then the smart-state analysis continues successfully.
 http://pastebin.test.redhat.com/322854


So I’m guessing the Nfcsvc plugin not getting started when running as a non-root user has something to do with the failure. 



Version-Release number of selected component (if applicable):
cfme-5.4.1.0-1.el6cf.x86_64
vmware vsphere 5.5

How reproducible:
Always 

Steps to Reproduce:
1. Create a local user with Administrator privileges on one ESX server
2. Use this user with host (Infrastructure --> Hosts --> --> Configuration --> Edit this host --> Credentials --> Default)
3. Perform the smart state analysis on the VMs

Actual results:
Smart state analysis fails 

Expected results:
Fleecing should successful as we are giving administrator privileges
to the non-root user. 

Additional info:
Comment 2 Prasad Mukhedkar 2015-10-28 06:15:16 UTC 
http://talk.manageiq.org/t/ssa-on-vmware-fails-with-non-root-user-with-admin-priviliges/693
Comment 5 Prasad Mukhedkar 2016-03-22 06:30:04 UTC 
Hui Song, Yeah, I just tested with 6.0 VDDK and could perform smart state analysis successfully without non-root (with admin privileges) user. 

Question : VDDK 6.0 is supported on cfme 5.4 ? If I remember there were some issues. If it's not supported on cfme 5.4 or lower version at all. We may need to add a big note stating root user required to perform SSA in documentation if its bug in vddk 5.5 side. 


CloudForms Management Engine 5.3 supports VDDK 5.5 (VMware-vix-disklib-5.5.0-1284542.x86_64.tar.gz).
CloudForms Management Engine 5.2 supports VDDK 5.5 (VMware-vix-disklib-5.5.0-1284542.x86_64.tar.gz).
CloudForms Management Engine (CFME) 5.1 supports VDDK 1.2.2 (VMware-vix-disklib-1.2.2-702422.x86_64.tar.gz).

https://access.redhat.com/articles/375983


Let me know your thoughts please. We can then approach to documentation team.
Comment 6 Hui Song 2016-03-22 13:52:02 UTC 
(In reply to Prasad Mukhedkar from comment #5)
> 
> Question : VDDK 6.0 is supported on cfme 5.4 ? If I remember there were some
> issues. If it's not supported on cfme 5.4 or lower version at all. We may
> need to add a big note stating root user required to perform SSA in
> documentation if its bug in vddk 5.5 side. 
> 

I am not really sure if cfme 5.4 supports VDDK 6.0 or not. But I didnt' feel any problems. The real issue here is the version of vmware providers inside of cfme 5.4 should follow the vmware support matrix:

"The VMware policy concerning backward and forward compatibility is for VDDK to support N-2 and N+1 releases. In other words, VDDK 5.5 and all of its update releases support vSphere 5.0, 5.1, and 6.0 (except new features)."

Rich, could you answer the question?
Comment 7 Hui Song 2016-04-04 19:52:42 UTC 
*** Bug 1221706 has been marked as a duplicate of this bug. ***