Bug 1435088

Summary: [Upgrade] Auto-Import of HostedEngine VM fails due to missing CPU Profile Permissions
Product: Red Hat Enterprise Virtualization Manager Reporter: Germano Veit Michel <gveitmic>
Component: ovirt-engineAssignee: Andrej Krejcir <akrejcir>
Status: CLOSED ERRATA QA Contact: Nikolai Sednev <nsednev>
Severity: medium Docs Contact:
Priority: high    
Version: 3.6.10CC: bgraveno, lsurette, mavital, rbalakri, Rhev-m-bugs, srevivo, ykaul, ylavi
Target Milestone: ovirt-4.1.2Keywords: Triaged, ZStream
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Previously, CPU profile permissions were checked even if the command to import a self-hosted engine virtual machine was run internally. If the CPU profile in the cluster did not have permissions for 'Everyone', the import would fail. This updated disables permission checking if the command is called internally.
 Story Points: ---
Clone Of:
: 1439240 (view as bug list) Environment:
Last Closed: 2017-05-24 11:22:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: SLA RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1439240    

Description Germano Veit Michel 2017-03-23 05:59:36 UTC 
Description of problem:

Initially I saw this on one of out test labs and thought it was just us messing around with every single option available. But now I saw it again.

CanDoAction of ImportVm during the Auto-Import of HE VM ends up calling assignFirstCpuProfile(). And in case the the Cluster the HE VM is being imported to is missing the permissions for CpuProfileOperator, the canDo validation fails and the HostedEngine VM is not imported with ACTION_TYPE_CPU_PROFILE_EMPTY. 

See:

2017-03-21 14:41:20,149 WARN  [org.ovirt.engine.core.bll.ImportVmCommand] (org.ovirt.thread.pool-6-thread-19) [] CanDoAction of action 'ImportVm' failed for user SYSTEM. Reasons: VAR__ACTION__IMPORT,VAR__TYPE__VM,ACTION_TYPE_CPU_PROFILE_EMPTY

2017-03-21 14:41:20,149 ERROR [org.ovirt.engine.core.bll.HostedEngineImporter] (org.ovirt.thread.pool-6-thread-19) [] Failed importing the Hosted Engine VM

And it keeps looping like this forever.

In both occurrences I saw the Cluster the HE VM is being imported to is not the Default one and is missing the CpuProfileOperator permission role, so HE Auto-Import fails.

Common Ground:
- Both were upgraded from 3.5
- Both have custom (user created) Clusters in which the HE runs (not Default name)
- Cluster already existed in 3.5

From what I can see CpuProfileOperator was introduced in 3.6.

Case 1 (ticket):
* 3.5 to 3.6 Upgrade
* Cluster the HE VM supposed to be imported already existed pre upgrade to 3.6

Case 2 (labs):
* 4.0 Standalone to 4.0 SHE Migration
* this has been upgraded all the way from early RHV 3.x
* Cluster HE VM was supposed to be imported to was definitely created pre-3.6

Version-Release number of selected component (if applicable):
rhevm-3.6.10.2-0.2.el6.noarch

How reproducible:
Not sure

More information:
* Shouldn't the HE VM Auto-Import process ensure the CpuProfile roles are in the cluster it's trying to import the VM to?
* Shouldn't these permissions be added to all clusters that are upgraded to 3.6? I can only see it added to the 'Default' cluster, not the user created cluster that runs HE.
Comment 6 Nikolai Sednev 2017-04-26 13:32:38 UTC 
Worked for me for latest 4.1, just like https://bugzilla.redhat.com/show_bug.cgi?id=1439240#c7 did.
Moving to verified.
Comment 8 errata-xmlrpc 2017-05-24 11:22:26 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1280