| Summary: | VMware LogUserEvent fails with permission denied | ||
|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | Adam Grare <agrare> |
| Component: | Providers | Assignee: | Adam Grare <agrare> |
| Status: | CLOSED NOTABUG | QA Contact: | Ievgen Zapolskyi <izapolsk> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 5.6.0 | CC: | greartes, jdeubel, jfrey, jhardy, obarenbo |
| Target Milestone: | GA | ||
| Target Release: | 5.7.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | provider:event, authentication:maintenance | ||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-10-26 12:49:13 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
I am able to reproduce this error if I do not enable the "Global.LogEvent" privilege for the MIQ user. This privilege is defined as "Allows logging a user-defined event against a particular managed entity." and is specified as required in the CFME documentation here "1.4.2.1. Using a Non-Administrator Account for Host Credentials" Can we confirm that this privilege is given to the user that CFME uses to authenticate to vCenter? Works when user permissions are configured per CFME documentation. |
Description of problem: User actions on a VM that log an event with VMware (e.g.: vm_start, vm_stop, vm_destroy) call the VIM API call EventMonitor.LogUserEvent. This API call fails with 'Permission to perform this operation was denied.' [----] E, [2016-09-13T13:53:22.030984 #9274:897998] ERROR -- : MIQ(MiqQueue#m_callback) Message id: [100000000401138]: Handsoap::Fault { :code => 'ServerFault Code', :reason => 'Permission to perform this operation was denied.' } [----] E, [2016-09-13T13:53:22.031084 #9274:897998] ERROR -- : MIQ(MiqQueue#m_callback) backtrace: (druby://127.0.0.1:35922) /opt/rh/cfme-gemset/bundler/gems/ handsoap-4b342ee6124d/lib/handsoap/service.rb:195:in `on_fault' (druby://127.0.0.1:35922) /opt/rh/cfme-gemset/bundler/gems/handsoap-4b342ee6124d/lib/handsoap/service.rb:283:in `dispatch' (druby://127.0.0.1:35922) /opt/rh/cfme-gemset/bundler/gems/handsoap-4b342ee6124d/lib/handsoap/service.rb:189:in `invoke' (druby://127.0.0.1:35922) /var/www/miq/vmdb/gems/pending/VMwareWebService/VimService.rb:468:in `logUserEvent' (druby://127.0.0.1:35922) /var/www/miq/vmdb/gems/pending/VMwareWebService/MiqVimInventory.rb:1933:in `logUserEvent' (druby://127.0.0.1:35922) /var/www/miq/vmdb/gems/pending/VMwareWebService/MiqVimVm.rb:1210:in `logUserEvent' (druby://127.0.0.1:35922) /opt/rh/rh-ruby22/root/usr/share/ruby/drb/drb.rb:1624:in `perform_without_block' (druby://127.0.0.1:35922) /opt/rh/rh-ruby22/root/usr/share/ruby/drb/drb.rb:1584:in `perform' (druby://127.0.0.1:35922) /opt/rh/rh-ruby22/root/usr/share/ruby/drb/drb.rb:1657:in `block (2 levels) in main_loop' (druby://127.0.0.1:35922) /opt/rh/rh-ruby22/root/usr/share/ruby/drb/drb.rb:1653:in `loop' (druby://127.0.0.1:35922) /opt/rh/rh-ruby22/root/usr/share/ruby/drb/drb.rb:1653:in `block in main_loop' (druby://127.0.0.1:35922) /opt/rh/cfme-gemset/gems/logging-2.1.0/lib/logging/diagnostic_context.rb:450:in `call' (druby://127.0.0.1:35922) /opt/rh/cfme-gemset/gems/logging-2.1.0/lib/logging/diagnostic_context.rb:450:in `block in create_with_logging_context' /var/www/miq/vmdb/app/models/manageiq/providers/vmware/infra_manager.rb:448:in `block in invoke_vim_ws' /var/www/miq/vmdb/app/models/mixins/provider_object_mixin.rb:15:in `block in with_provider_object' /var/www/miq/vmdb/app/models/mixins/vim_connect_mixin.rb:36:in `with_provider_connection' /var/www/miq/vmdb/app/models/mixins/provider_object_mixin.rb:12:in `with_provider_object' /var/www/miq/vmdb/app/models/manageiq/providers/vmware/infra_manager.rb:447:in `invoke_vim_ws' /var/www/miq/vmdb/app/models/manageiq/providers/vmware/infra_manager.rb:166:in `vm_start' Version-Release number of selected component (if applicable): 5.6.1.2