Bug 1369303

Summary:	[RFE] Request for implementation of mechanism to allow for a targeted VMware host refresh to be performed indirectly via a provider rather than directly between a CFME instance and a host instance
Product:	Red Hat CloudForms Management Engine	Reporter:	Thomas Hennessy <thenness>
Component:	Providers	Assignee:	Adam Grare <agrare>
Status:	CLOSED NOTABUG	QA Contact:	Dave Johnson <dajohnso>
Severity:	medium	Docs Contact:
Priority:	medium
Version:	5.6.0	CC:	agrare, carnott, jdeubel, jfrey, jhardy, jocarter, myoder, obarenbo
Target Milestone:	GA	Keywords:	FutureFeature
Target Release:	5.7.0
Hardware:	All
OS:	All
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2016-09-13 20:46:09 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:

Description Thomas Hennessy 2016-08-23 05:10:55 UTC

Description of problem: In the the VMware environment (and perhaps all others) it is necessary for a targeted refresh of a host to first establish a tcp session to the host, which requires credentias into the host< to perform a targeted refresh.  this request is to extend what is already available in Cloudforms in the case of smartstate analysis , which allows the smartstate analysis to be performed thru the VC rather than thru the ESX host, to allow a targeted refresh to be performed thru the VC rather than requiring a session into the host.

The business case is to allow targeted refreshes where the VC credentials are sufficient to support the collection of the inventory of an estate without host credentials to also be used to forego the need of credentialing all of the hosts in the VMware environment so that tcp sessions are not needed to allow the recogniztion of newly provisioned VMs to be instantiated into the VMDB and to allow provisioning to be supported in environments where host credentials are not readily allowed for CFME.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 2 Thomas Hennessy 2016-08-23 12:59:31 UTC

Additional Information to answer the anticipated question "What is the problem you are trying to solve?"

Recently (Summer of 2016) several cases have been opened with GSS that resolved down to some confusion about why provisioning was not working when it was clear that the provider refresh process was capable of (apparently) seeing the entire virtual estate but not able to instantiate a new VM in a timely enough manner to  allow provisioning to be successful.

In several of these cases, the answer is that the credentials being used by CFME are sufficient to gather inventory information from the VC but credentials had not been provided and would not be provided to allow CFME to access ESX hosts directly.

Additionally, there is not a good understanding within the consulting community about the requirement to have working credentials for ESX Hosts in order for newly created VMs to be quickly instantiated into the VMDB which is adding to the frequency of these types of cases.

It seemed to me that just as with the smart-state analysis where a setting can be made to direct the collection of smart-state information to be gathered using the VC as a proxy and allowing smart-state analysis to succeed, and given that the periodic provider refreshes (a provider-only activity) seemed to be able to cause new infrastructure elements to be instantiated into the VMDB, that it should also be "low hanging fruit" to create a new setting, perhaps on a by provider basis that would allow the targeted refreshed created by the capture of the VMware event indicating the creation of a new VM to be performed through the provider as well, by passing the issues we are increasingly encountering where ESX host credentials are not being shared with the CFME team/staff at customer locations.

Comment 4 Adam Grare 2016-09-13 20:46:09 UTC

Host targeted refresh only uses data from the VC and does not connect to hosts directly.  Issues reported were believed to be unrelated to host credentials not being added.