Bug 1387978

Summary: Kaspersky Security for Virtualization fails to install on oVirt node
Product: [oVirt] vdsm Reporter: e.dokuchaev
Component: DocumentationAssignee: Dan Kenigsberg <danken>
Status: CLOSED NOTABUG QA Contact: Aharon Canan <acanan>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: ---CC: bugs, michal.skrivanek, teterkin
Target Milestone: ---Flags: rule-engine: planning_ack?
rule-engine: devel_ack?
rule-engine: testing_ack?
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-11 09:00:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Virt RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description e.dokuchaev 2016-10-24 05:57:26 UTC
Description of problem:
I try install Kaspersky Security for Virtualization 3.0 Light Agent to ovirt node. Some scripts need authentification   
example

./get_capabilities.sh

#!/bin/sh
virsh -c qemu:///system capabilities

./get_virsh_version.sh
#!/bin/sh
virsh -c qemu:///system version

./get_vm_names.sh
#!/bin/sh
virsh -c qemu:///system list --all --persistent --name

 
Version-Release number of selected component (if applicable):
Kaspersky Security for Virtualization 3.0 Light Agent Version:	3.4.44.7177

Can exclude authentification for virsh ?

Comment 1 Alexander Teterkin 2016-10-24 06:10:25 UTC
I have an additional comment.
If we do not use oVirt (just KVM only), Kaspersky for VE installs ok.
If we have oVirt installed, installation is hanging and we see that Kaspersky script is endlessly trying to authenticate running virsh.
We tried root user first, next we tried oVirt authenticated user. The last went further, but still stacked trying to get list of VMs.

Comment 2 Sandro Bonazzola 2016-10-24 07:11:47 UTC
I don't think this is an oVirt bug, nevertheless, keeping it open to allow vdsm people to review and maybe help configuring the system for allowing kaspersky to run on the host without breaking vdsm.

Comment 3 Michal Skrivanek 2016-11-11 09:00:43 UTC
If you can configure the product to work with the authentication set up by oVirt it would not cause any harm then (supposing that the product doesn't really break the functionality of VMs). That's the best option.

We configure by default a SASL-based authentication with oVirt user over the unix socket interface. You can either use the same user or add yours with your password or enable additional different authentication schemes and transports

Refer to https://libvirt.org/auth.html for further details