Bug 1332167

Summary: Import VMs from XEN is not supporting other users than VDSM user.
Product: [oVirt] ovirt-engine Reporter: Nisim Simsolo <nsimsolo>
Component: BLL.VirtAssignee: Tomáš Golembiovský <tgolembi>
Status: CLOSED NOTABUG QA Contact: Nisim Simsolo <nsimsolo>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.0.0CC: bugs, nsimsolo
Target Milestone: ---Flags: rule-engine: planning_ack?
rule-engine: devel_ack?
rule-engine: testing_ack?
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-06-06 12:46:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Virt RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1303548    
Attachments:
Description Flags
VDSM log none

Description Nisim Simsolo 2016-05-02 12:08:01 UTC 
Description of problem:
Currently, In order to import XEN VMs, an RSA key pair exchange is needed between RHEV host and XEN server using VDSM user (see doc text of bug https://bugzilla.redhat.com/show_bug.cgi?id=1303548)
When doing the same key exchange for other users (root for example) than VDSM user and afterward trying to list XEN VMs before import (using webadmin), the action failed with the next vdsm.log error:
jsonrpc.Executor/0::ERROR::2016-05-02 14:45:18,312::v2v::144::root::(get_external_vms) error connection to hypervisor: 'Cannot recv data: Host key verification failed.: Connection reset 
by peer'

Version-Release number of selected component (if applicable):
ovirt-engine-4.0.0-0.0.master.20160423161403.gite38df80.el7.centos.noarch
vdsm-4.17.999-1032.git4e6068b.el7.centos.noarch
libvirt-1.2.17-13.el7_2.4.x86_64
qemu-kvm-rhev-2.3.0-31.el7_2.12.x86_64

Xen server:
RHEL 5.10 with kernel 2.6.18-371.12.1.el5xen

How reproducible:
100%

Steps to Reproduce:
1. Login to RHEV host with root user, and generate RSA key pair: 
# ssh-keygen.
2. From RHEV host (root user), open ssh session to XEN server.
# ssh root@xen-server
3. Exit ssh session and copy ssh-id: 
# ssh-copy-id root@xen-server
4. Verify ssh authentication from RHEV host to XEN server is now passwordless.
5. Browse webadmin -> Virtual machines -> import: try to list available VMs to import from XEN environment.

Actual results:
Action failed

Expected results:
Import from XEN server should support other users and not only VDSM user, as mentioned in bug comment https://bugzilla.redhat.com/show_bug.cgi?id=1303548#c4, we should avoid messing with VDSM user because it can lead to a general system malfunction.

Additional info:
vdsm log attached.
Comment 1 Nisim Simsolo 2016-05-02 12:09:13 UTC 
Created attachment 1152926 [details]
VDSM log
Comment 2 Tomáš Golembiovský 2016-06-06 12:46:40 UTC 
For the conversion we are using the same user under which VDSM process runs.