Bug 1425122

Summary: [Sysprep] authz name is not set as domain in new VM dialog
Product: [oVirt] ovirt-engine Reporter: Israel Pinto <ipinto>
Component: BLL.VirtAssignee: Sharon Gratch <sgratch>
Status: CLOSED CURRENTRELEASE QA Contact: Israel Pinto <ipinto>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.1.1CC: bugs, ipinto, lveyde, mperina, omachace, tjelinek
Target Milestone: ovirt-4.1.2Flags: tjelinek: ovirt-4.1?
ipinto: planning_ack?
rule-engine: devel_ack+
rule-engine: testing_ack+
Target Release: 4.1.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-05-23 08:15:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Virt RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1380128    
Attachments:
Description Flags
screenshot none

Description Israel Pinto 2017-02-20 15:46:31 UTC 
Description of problem:
While checking the RFE: https://bugzilla.redhat.com/show_bug.cgi?id=1380128
Created VM from Windows template (windows 2012 R2 64B)
Set sysprep and check the domain value.
The value is not set from authz name.

Version-Release number of selected component (if applicable):
Red Hat Virtualization Manager Version: 4.1.1.2-0.1.el7

Steps to Reproduce:
1. Run ovirt-engine-extension-aaa-ldap-setup for configuring AD.
2. Provide profile name with space:
Please specify profile name that will be visible to users [<domain>.com]: <name with space>
3. For windows guest after enabling Use Cloud-Init/Sysprep unable to save vm as domain name with space is not allowed.

Actual results:
Domain is not set in new VM only in edit VM Or if we restart the OS type
Comment 1 Martin Perina 2017-02-20 15:59:54 UTC 
Profile name should no longer be relevant for cloudinit/sysprep due to BZ1380128. Please share your aaa-ldap configuration, especially authz name (as mentioned in BZ1380128 authz name should be set to domain name)
Comment 2 Israel Pinto 2017-02-20 18:47:49 UTC 
(In reply to Martin Perina from comment #1)
> Profile name should no longer be relevant for cloudinit/sysprep due to
> BZ1380128. Please share your aaa-ldap configuration, especially authz name
> (as mentioned in BZ1380128 authz name should be set to domain name)

The steps are from the BZ1380128,
Now the domain is empty in New VM, after changing the OS (from window 2012 r2 64B to Windows 7) it update to:ad-w2k12r2-authz

See aaa-ldap configuration: 
[environment:default]
OVAAALDAP_LDAP/profile=str:ad
OVAAALDAP_LDAP/aaaProfileName=str:'ad-w2k12r2'
OVAAALDAP_LDAP/useDNS=bool:True
OVAAALDAP_LDAP/serverset=str:srvrecord
OVAAALDAP_LDAP/aaaProfileName=str:ad-w2k12r2
OVAAALDAP_LDAP/protocol=str:plain
OVAAALDAP_LDAP/domain=str:ad-w2k12r2.rhev.lab.eng.brq.redhat.com
OVAAALDAP_LDAP/user=str:user1.lab.eng.brq.redhat.com
OVAAALDAP_LDAP/password=str:Heslo123
OVAAALDAP_LDAP/toolEnable=bool:False
OVAAALDAP_LDAP/configOverwrite=bool:True
OVAAALDAP_LDAP/useVmSso=bool:False
Comment 3 Israel Pinto 2017-02-20 18:49:37 UTC 
Created attachment 1255848 [details]
screenshot
Comment 4 Michal Skrivanek 2017-02-21 06:07:36 UTC 
(keeping together with the original RFE)
Comment 5 Ondra Machacek 2017-02-21 09:12:04 UTC 
Just a note that to properly test VM SSO the authz name *MUST* be same as the domain name of the user which should be logged in to VM. So in this case the authz name must be:

 ad-w2k12r2.rhev.lab.eng.brq.redhat.com
Comment 6 Martin Perina 2017-02-21 09:20:18 UTC 
(In reply to Ondra Machacek from comment #5)
> Just a note that to properly test VM SSO the authz name *MUST* be same as
> the domain name of the user which should be logged in to VM. 

The same applies also for for sysprep/cloudinit as mentioned in BZ1380128. 

> So in this case the authz name must be:
> 
>  ad-w2k12r2.rhev.lab.eng.brq.redhat.com

Please make sure to allow VM SSO in ovirt-engine-extension-aaa-ldap-setup tool, so correct configuration files are created.
Comment 8 Martin Perina 2017-02-22 08:47:01 UTC 
Moving back to Virt, according to Tomas, the issue is New VM flow where domain is not properly updated, but everything should work properly when you execute sysprep/cloudinit using Edit VM dialog.
Comment 9 Sharon Gratch 2017-03-09 10:21:33 UTC 
The same problem of domain field not properly updated re-occurred also in Run-Once dialog ("Initial Run" section).
Comment 10 Israel Pinto 2017-05-04 08:02:50 UTC 
Verify with: 
RHVM Version: 4.1.2-0.1.el7

Steps:
1. Run ovirt-engine-extension-aaa-ldap-setup for configuring AD.
2. [Edit VM]
Create VM with 'other os' and update OS version to window_XX (desktop/server)
Enable sysprep and check that domain is update with 'aaaProfileName'
3. [New VM]
Create VM with OS version window_XX (desktop/server)
Enable sysprep and check that domain is update with 'aaaProfileName'

Results:
All cases pass