Bug 1413079

Summary: vdsm-tool configure --module sanlock doesn't actually confirm proper group membership
Product: Red Hat Enterprise Virtualization Manager Reporter: Jaroslav Suchanek <jsuchane>
Component: vdsmAssignee: Benny Zlotnik <bzlotnik>
Status: CLOSED WONTFIX QA Contact: Elad <ebenahar>
Severity: medium Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: dkelson, ebenahar, jsuchane, knoel, lsurette, nsoffer, srevivo, tnisan, virt-bugs, virt-maint, ycui, ylavi
Target Milestone: ovirt-4.3.0   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1396675 Environment:
Last Closed: 2018-08-06 08:50:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Storage RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Jaroslav Suchanek 2017-01-13 15:06:20 UTC
Description of problem:

TL;DR:

The "vdsm-tool configure --module sanlock" command should NOT report success if it isn't able to add the sanlock users to the groups and instead should report a helpful error message.

LONG VERSION:

vdsm-tool configure --module sanlock

The above command is supposed to add the sanlock user to the qemu and kvm groups.

If kvm is coming from IDM, this command will NOT be able to add the sanlock user to the group, however, the command will still report success! 

I know it is not advisable to have system group in IDM, but for other complicated reasons it was.

The "vdsm-tool configure" command should NOT report success if it isn't able to add the sanlock users to the groups and instead should report a helpful error message.

Comment 1 Nir Soffer 2017-01-17 10:54:31 UTC
Jaroslav,
- Did you run this with --force?
- How do you reproduce this issue?
- What is "kvm is comming from IDM"? do you mean there is no kvm group?

Comment 2 Jaroslav Suchanek 2017-01-17 16:04:25 UTC
(In reply to Nir Soffer from comment #1)
> Jaroslav,
> - Did you run this with --force?
> - How do you reproduce this issue?
> - What is "kvm is comming from IDM"? do you mean there is no kvm group?

I am sorry. I am not the original reporter. It is dkelson@gurulabs.com so I am resetting the needinfo.

Please note that this bug I cloned from bug 1396675. It was the only way how to move it from rhel product to rhev product. I am sorry about that.

Comment 3 Dax Kelson 2017-01-17 17:01:31 UTC
(In reply to Nir Soffer from comment #1)
> Jaroslav,
> - Did you run this with --force?

Yes

> - How do you reproduce this issue?

Have your box attached to a FreeIPA/IDM server with a kvm group defined in IDM.

> - What is "kvm is comming from IDM"? do you mean there is no kvm group?

There IS a kvm group, but it is in IDM not in /etc/group, thus vdsm-tool is unable to add the sanlock user to the kvm group.