Bug 1032849 - lmi command fails with certificate error
lmi command fails with certificate error
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: tog-pegasus (Show other bugs)
22
x86_64 Linux
unspecified Severity high
: ---
: ---
Assigned To: Stephen Gallagher
Fedora Extras Quality Assurance
:
Depends On:
Blocks: 1041555
  Show dependency treegraph
 
Reported: 2013-11-20 21:31 EST by Russell Doty
Modified: 2016-06-30 07:00 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-06-07 09:46:16 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch to generate a mini-CA and save that CA to the shared trust store (11.91 KB, patch)
2013-12-13 11:22 EST, Stephen Gallagher
sgallagh: review? (vcrhonek)
Details | Diff

  None (edit)
Description Russell Doty 2013-11-20 21:31:35 EST
Description of problem:

The command "lmi hwinfo" fails with file not found.


Version-Release number of selected component (if applicable):


How reproducible:

Every time.

Steps to Reproduce:
1. Install tog-pegasus
2. Install openlmi
3. Start tog-pegasus
4. Run "lmi hwinfo"

Actual results:

# lmi hwinfo
ERROR: invocation failed for host "https://localhost": (1, u'CIM_ERR_FAILED: File "libComputerSystemProvider.so" was not found for provider module "ComputerSystemModule".')
There was 1 error:
host https://localhost
    CIM_ERR_FAILED: File "libComputerSystemProvider.so" was not found for provider module "ComputerSystemModule".: 


Expected results:

Report on hwinfo

Additional info:

This is on a fresh install of F20 Beta.

Used setenforce 0 and verified that selinux is in permissive mode.

Tried command as normal user and su.
Comment 1 Russell Doty 2013-11-20 21:37:08 EST
Command works when used with the noverify option:

$ lmi -n hwinfo
username: root
password: 
                
Hostname:      localhost 
                
Chassis Type:  Desktop 
Manufacturer:  Gigabyte Technology Co., Ltd. 
Model:          (GA-MA78GM-S2H) 
Serial Number: Not Specified 
Asset Tag:     0 
                
CPU:           AMD Phenom(tm) 9550 Quad-Core Processor 
Topology:      1 cpu(s), 1 core(s), 1 thread(s) 
Max Freq:      3000 MHz 
Arch:          x86_64 
                
Memory:        4 GB 
Slots:         2 used, 4 total 


This is odd, as I had configured the SSL certificates using the instructions at http://www.openlmi.org/PegasusSSL.

How do you check certificate status?
Comment 2 Russell Doty 2013-11-20 21:45:08 EST
The command should return a message that the SSL certificate is not properly configured rather than failing with a file not found message.
Comment 3 Russell Doty 2013-11-20 21:51:30 EST
If selinux is in enforcing mode the lmi command fails:

When run as regular user:

]$ lmi -n hwinfo
username: root
password: 
ERROR: invocation failed for host "https://localhost": 'NoneType' object has no attribute 'ChassisPackageType'
There was 1 error:
host https://localhost
    (AttributeError) 'NoneType' object has no attribute 'ChassisPackageType'
[rdoty@localhost ~]$ lmi hwinfo
username: root
password: 
ERROR: invocation failed for host "https://localhost": 'NoneType' object has no attribute 'ChassisPackageType'
There was 1 error:
host https://localhost
    (AttributeError) 'NoneType' object has no attribute 'ChassisPackageType'

When run as root:

]$ su
Password: 
[root@localhost rdoty]# lmi hwinfo
ERROR: invocation failed for host "https://localhost": (1, u'CIM_ERR_FAILED: File "libComputerSystemProvider.so" was not found for provider module "ComputerSystemModule".')
There was 1 error:
host https://localhost
    CIM_ERR_FAILED: File "libComputerSystemProvider.so" was not found for provider module "ComputerSystemModule".: 
[root@localhost rdoty]# lmi -n hwinfo
ERROR: invocation failed for host "https://localhost": (1, u'CIM_ERR_FAILED: File "libComputerSystemProvider.so" was not found for provider module "ComputerSystemModule".')
There was 1 error:
host https://localhost
    CIM_ERR_FAILED: File "libComputerSystemProvider.so" was not found for provider module "ComputerSystemModule".:
Comment 4 Tomas Smetana 2013-11-21 07:54:09 EST
Filed bug #1033027 against the SELinux policy to fix the AVC denials.  I don't have any answers to the certificate verification problem yet.
Comment 5 Stephen Gallagher 2013-12-13 11:19:17 EST
Re-purposing this ticket to focus on the certificate problems faced by the local testing user.

What we want to do is to have the self-signed certificate trusted for use with the local system.
Comment 6 Stephen Gallagher 2013-12-13 11:22:57 EST
Created attachment 836377 [details]
Patch to generate a mini-CA and save that CA to the shared trust store

With this patch (submitted upstream at http://bugzilla.openpegasus.org/show_bug.cgi?id=9831) we will generate a single-use CA certificate and a service certificate for Pegasus. We will sign the service certificate and then discard the private key for the CA certificate (ensuring that it cannot be used to sign anything else). We will then copy the mini-CA into the shared certificate store.
Comment 7 Jaroslav Reznik 2015-03-03 11:57:01 EST
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22

Note You need to log in before you can comment on or make changes to this bug.