Bug 1277543

Summary: Can't delete ssh public key via WEBUI for serial-console, neither replace it with another key.
Product: [oVirt] ovirt-engine Reporter: Nikolai Sednev <nsednev>
Component: Backend.CoreAssignee: jniederm
Status: CLOSED WORKSFORME QA Contact: Nikolai Sednev <nsednev>
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.6.0.2CC: bugs, jniederm, michal.skrivanek, oourfali
Target Milestone: ---Flags: rule-engine: planning_ack?
rule-engine: devel_ack?
rule-engine: testing_ack?
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: virt
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-05 12:58:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1239283    
Attachments:
Description Flags
engine's log none

Description Nikolai Sednev 2015-11-03 14:29:05 UTC
Created attachment 1089019 [details]
engine's log

Description of problem:
Operation Canceled
Error while executing action: ACTION_TYPE_FAILED_PROFILE_ALREADY_EXISTS

Version-Release number of selected component (if applicable):
Engine on RHEL6.7:
ovirt-vmconsole-proxy-1.0.0-1.el6ev.noarch
ovirt-vmconsole-1.0.0-1.el6ev.noarch
rhevm-3.6.0.2-0.1.el6.noarch
rhevm-guest-agent-common-1.0.11-2.el6ev.noarch

Host with these components:
ovirt-vmconsole-1.0.0-0.0.6.master.el7ev.noarch
ovirt-release36-001-0.5.beta.noarch
mom-0.5.1-2.el7.noarch
ovirt-hosted-engine-setup-1.3.1-0.0.master.20151020145724.git565c3f9.el7.centos.noarch
ovirt-setup-lib-1.0.0-1.20150922141000.git147e275.el7.centos.noarch
ovirt-host-deploy-1.5.0-0.0.master.20151015221110.gitc2abfed.el7.noarch
ovirt-release36-snapshot-001-0.5.beta.noarch
vdsm-4.17.10-13.gite438b03.el7.noarch
qemu-kvm-rhev-2.3.0-31.el7.x86_64
ovirt-hosted-engine-ha-1.3.1-1.20151016090950.git5ea5093.el7.noarch
sanlock-3.2.4-1.el7.x86_64
ovirt-engine-sdk-python-3.6.0.4-0.1.20151014.git117764a.el7.centos.noarch
ovirt-vmconsole-host-1.0.0-0.0.6.master.el7ev.noarch


How reproducible:
100%

Steps to Reproduce:
1.Deploy HE on host and get the engine running.
2.Create the VM with RHEL7.2 on it and check that serial-getty is running, if not, start it "systemctl start serial-getty".
3.Generate the ssh public key to get connected via serial console to VM on your laptop, by casting "ssh-keygen" 
# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
4.Copy your public key stored in "/root/.ssh/id_rsa.pub" to your engine.
5.Set permissions for VM for Everyone and make sure that "Everyone" will have the UserVmManager role assigned, so it could let the serial-console connectivity to be established for the VM.
6.Edit VM and mark the "Enable VirtIO serial console" at the "Console" tab.
7.Start the VM.
8.Connect to the VM via serial console from your laptop, using "ssh -v -t -i $HOME/.ssh/id_rsa -p 2222 ovirt-vmconsole@put_your_engine's_FQDN/IP_here connect" command.
9.Now try wiping out the key you've placed or replace it with another key.

Actual results:
Error while executing action: ACTION_TYPE_FAILED_PROFILE_ALREADY_EXISTS
"2015-11-03 15:58:34,239 WARN  [org.ovirt.engine.core.bll.AddUserProfileCommand] (ajp-/127.0.0.1:8702-7) [48ef3960] CanDoAction of action 'AddUserP
rofile' failed for user admin@internal. Reasons: VAR__ACTION__ADD,VAR__TYPE__USER_PROFILE,ACTION_TYPE_FAILED_PROFILE_ALREADY_EXISTS
"

Expected results:
Keys should be deleted or changed.

Additional info:
engine log is attached.

Comment 1 Michal Skrivanek 2015-11-05 12:58:47 UTC
finally found out
caused by manually compromised/modified setup with 3.6.1 bits (bll.jar) causing mismatch between frontend and backend

(changes done apparently during testing of HE import problem)