Bug 1691933

Summary: /etc/sudoers.d/50_vdsm_hook_ovirt_provider_ovn_hook is missing the commands of ovirt_provider_ovn_vhostuser_hook
Product: [oVirt] ovirt-provider-ovn Reporter: Dominik Holler <dholler>
Component: driverAssignee: Andrej Cernek <acernek>
Status: CLOSED CURRENTRELEASE QA Contact: msheena
Severity: low Docs Contact:
Priority: low    
Version: 1.2.7CC: bugs, danken, eraviv, lsvaty, mburman, mduarted, royoung
Target Milestone: ovirt-4.3.7Keywords: Rebase, ZStream
Target Release: 1.2.25Flags: sbonazzo: ovirt-4.3?
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ovirt-provider-ovn-1.2.25 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-11-21 12:44:33 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Network RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Dominik Holler 2019-03-22 21:00:27 UTC
Description of problem:
ovirt_provider_ovn_vhostuser_hook.py and delete_vhostuserclient_hook.py calls `sudo ovs-vsctl`, but this is not allowed by the suders file.


Steps to Reproduce:
1. Uninstall vdsm-hook-openstacknet on a host
2. Start a VM with an ovn network on this host

Actual results:
Starting VM fails with:
 INFO  (vm/e54f8a2d) [root] /usr/libexec/vdsm/hooks/before_device_create/20_ovirt_provider_ovn_vhostuser_hook: rc=1 err=Traceback (most recent call last):
  File "/usr/libexec/vdsm/hooks/before_device_create/20_ovirt_provider_ovn_vhostuser_hook", line 134, in <module>
    main()
  File "/usr/libexec/vdsm/hooks/before_device_create/20_ovirt_provider_ovn_vhostuser_hook", line 120, in main
    if not is_netdev_datapath():
  File "/usr/libexec/vdsm/hooks/before_device_create/20_ovirt_provider_ovn_vhostuser_hook", line 110, in is_netdev_datapath
    data, headings = list_ovs_table('bridge')
  File "/usr/libexec/vdsm/hooks/before_device_create/20_ovirt_provider_ovn_vhostuser_hook", line 42, in list_ovs_table
    exec_cmd('ovs-vsctl', '--format=json', 'list', table)[0]
  File "/usr/libexec/vdsm/hooks/before_device_create/20_ovirt_provider_ovn_vhostuser_hook", line 36, in exec_cmd
    (args, err))
RuntimeError: Failed to execute ('ovs-vsctl', '--format=json', 'list', 'bridge'), due to: ['sudo: a password is required']
 (hooks:114)

Expected results:
VM starts

Additional info:

Comment 1 msheena 2019-08-04 12:33:31 UTC
Verified with
==============
ovirt-engine-4.3.6-0.1.el7.noarch
ovirt-provider-ovn-1.2.25-1.el7ev.noarch

rhv-openvswitch-2.11-5.el7ev.noarch
rhv-python-openvswitch-2.11-5.el7ev.noarch
openvswitch2.11-2.11.0-9.el7fdp.x86_64

Comment 2 Dominik Holler 2019-09-04 06:48:50 UTC
Changing target milestone because bug 1744235 blocks 1.2.25 being part of ovirt-4.3.6.

Comment 6 Sandro Bonazzola 2019-11-21 12:44:33 UTC
This bugzilla is included in oVirt 4.3.7 release, published on November 21st 2019.

Since the problem described in this bug report should be
resolved in oVirt 4.3.7 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.