Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1076457

Summary: SSO not functional with or without guest agent
Product: Red Hat Enterprise Virtualization Manager Reporter: Lukas Svaty <lsvaty>
Component: ovirt-engineAssignee: Nobody <nobody>
Status: CLOSED NOTABUG QA Contact: Lukas Svaty <lsvaty>
Severity: urgent Docs Contact:
Priority: medium    
Version: 3.4.0CC: acathrow, cpelland, gklein, iheim, lpeer, lsvaty, michal.skrivanek, ofrenkel, Rhev-m-bugs, vfeenstr, yeylon
Target Milestone: ---Keywords: TestBlocker, Triaged
Target Release: 3.4.0   
Hardware: x86_64   
OS: Linux   
Whiteboard: virt
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-03-20 13:47:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 758946    
Attachments:
Description Flags
vdsm log of host
none
engine log none

Description Lukas Svaty 2014-03-14 11:40:27 UTC 
Description of problem:
SSO for user admin is not functional in av2.1
Engine.log
The problem might be in logged user (admin@internal)
Tried this also on ovirt admin@brq... and problem persists


Version-Release number of selected component (if applicable):
av2.1

How reproducible:
100%

Steps to Reproduce:
1. Create VM with Single On method User Guest Agent
2. Start VM wait for status UP
3. Open console in UserPortal

Actual results:
in additional info

Expected results:
[org.ovirt.engine.core.dal.job.ExecutionMessageDirector] (ajp--127.0.0.1-8702-1) [4730c340] The message key VmLogon is missing from bundles/ExecutionMessages
2014-01-24 16:46:08,670 INFO  [org.ovirt.engine.core.bll.VmLogonCommand] (ajp--127.0.0.1-8702-1) [4730c340] Running command: VmLogonCommand internal: false. Entities affected :  ID: e635b41a-a4f5-4e35-84fd-a6954036e221 Type: VM
2014-01-24 16:46:08,677 INFO  [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand] (ajp--127.0.0.1-8702-1) [4730c340] START, VmLogonVDSCommand(HostName = host1-testday, HostId = 06cd23b4-e284-4904-926a-f49791c23db0, vmId=e635b41a-a4f5-4e35-84fd-a6954036e221, domain=internal, password=******, userName=admin), log id: 172f6ea8
2014-01-24 16:46:08,713 INFO  [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand] (ajp--127.0.0.1-8702-1) [4730c340] FINISH, VmLogonVDSCommand, log id: 172f6ea8

Additional info:
engine.log part
2014-03-14 12:35:00,472 INFO  [org.ovirt.engine.core.bll.SetVmTicketCommand] (ajp-/127.0.0.1:8702-10) [4e35936c] Running command: SetVmTicketCommand internal: false. Entities affected :  ID: e6b03061-7a3b-46f4-9fff-a786b9d501d9 Type: VM
2014-03-14 12:35:00,483 INFO  [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp-/127.0.0.1:8702-10) [4e35936c] START, SetVmTicketVDSCommand(HostName = red, HostId = 69542441-ee11-4c6c-92b3-93dae39ee4ff, vmId=e6b03061-7a3b-46f4-9fff-a786b9d501d9, ticket=3i6nqGEVWct5, validTime=120,m userName=admin, userId=fdfc627c-d875-11e0-90f0-83df133b58cc), log id: 7a1b6205
2014-03-14 12:35:00,533 INFO  [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp-/127.0.0.1:8702-10) [4e35936c] FINISH, SetVmTicketVDSCommand, log id: 7a1b6205
2014-03-14 12:35:00,544 INFO  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp-/127.0.0.1:8702-10) [4e35936c] Correlation ID: 4e35936c, Call Stack: null, Custom Event ID: -1, Message: user admin initiated console session for VM a
2014-03-14 12:35:06,412 INFO  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (DefaultQuartzScheduler_Worker-64) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User admin@internal is connected to VM a.
Comment 2 Omer Frenkel 2014-03-16 06:54:31 UTC 
please attach engine and vdsm log
Comment 3 Michal Skrivanek 2014-03-17 09:26:49 UTC 
guest agent logs as well. 
and details about the guest setup
Comment 4 Lukas Svaty 2014-03-19 14:19:21 UTC 
Created attachment 876363 [details]
vdsm log of host
Comment 5 Lukas Svaty 2014-03-19 14:20:00 UTC 
Created attachment 876365 [details]
engine log
Comment 6 Lukas Svaty 2014-03-19 14:22:20 UTC 
Nothing was logged into /var/log/ovirt-guest-agent/ovirt-guest-agent.log 

Added vdsm and engine log of actions:
Log to user portal with admin@internal
StartVM
Wait for VM status UP
Open Spice console
restart GA in VM
Close Spice console
Open Spice console
Comment 7 Michal Skrivanek 2014-03-19 15:35:00 UTC 
(In reply to Lukas Svaty from comment #6)
"Nothing was logged into /var/log/ovirt-guest-agent/ovirt-guest-agent.log "

nothing? so...was the agent running at all?
Comment 8 Lukas Svaty 2014-03-19 16:26:58 UTC 
My last log around time I was testing it on engine:
/var/log/ovirt-guest-agent/ovirt-guest-agent.log

MainThread::INFO::2014-03-13 17:12:39,089::ovirt-guest-agent::55::root::oVirt guest agent is down. <- 6 days ago (nothing from todays tests)

in VM service ovirt-guest-agent status: running
Comment 9 Lukas Svaty 2014-03-20 12:48:10 UTC 
After some configuration (no gdm installed previously) I got to this result:

VmLoggon is called, however user is not logged to VM

engine:

2014-03-20 13:26:22,464 INFO  [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp-/127.0.0.1:8702-4) [6756e574] START, SetVmTicketVDSCommand(HostName = blue, HostId = 4118c061-331f-4983-9199-6bd269faae9b, vmId=e6b03061-7a3b-46f4-9fff-a786b9d501d9, ticket=4ENIygOvv+Zv, validTime=120,m userName=vdcadmin2, userId=8fb38dc7-6cc3-4678-bffe-bf9fbefbf839), log id: 6f9ad185
2014-03-20 13:26:22,521 INFO  [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp-/127.0.0.1:8702-4) [6756e574] FINISH, SetVmTicketVDSCommand, log id: 6f9ad185
2014-03-20 13:26:22,541 INFO  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp-/127.0.0.1:8702-4) [6756e574] Correlation ID: 6756e574, Call Stack: null, Custom Event ID: -1, Message: user vdcadmin2 initiated console session for VM a
2014-03-20 13:26:22,577 WARN  [org.ovirt.engine.core.dal.job.ExecutionMessageDirector] (ajp-/127.0.0.1:8702-7) [1beaf8be] The message key VmLogon is missing from bundles/ExecutionMessages
2014-03-20 13:26:22,633 INFO  [org.ovirt.engine.core.bll.VmLogonCommand] (ajp-/127.0.0.1:8702-7) [1beaf8be] Running command: VmLogonCommand internal: false. Entities affected :  ID: e6b03061-7a3b-46f4-9fff-a786b9d501d9 Type: VM
2014-03-20 13:26:22,637 INFO  [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand] (ajp-/127.0.0.1:8702-7) [1beaf8be] START, VmLogonVDSCommand(HostName = blue, HostId = 4118c061-331f-4983-9199-6bd269faae9b, vmId=e6b03061-7a3b-46f4-9fff-a786b9d501d9, domain=ad2.rhev.lab.eng.brq.redhat.com, password=******, userName=vdcadmin2), log id: 6427ebd8
2014-03-20 13:26:22,642 INFO  [org.ovirt.engine.core.vdsbroker.vdsbroker.VmLogonVDSCommand] (ajp-/127.0.0.1:8702-7) [1beaf8be] FINISH, VmLogonVDSCommand, log id: 6427ebd8


guest-agent in vm:
Dummy-1::INFO::2014-03-20 13:26:22,640::OVirtAgentLogic::169::root::Received an external command: login...
Dummy-1::INFO::2014-03-20 13:26:22,640::CredServer::207::root::The following users are allowed to connect: [0]
Dummy-1::INFO::2014-03-20 13:26:22,640::CredServer::273::root::Opening credentials channel...
Dummy-1::INFO::2014-03-20 13:26:22,640::CredServer::132::root::Emitting user authenticated signal (718271).
CredChannel::INFO::2014-03-20 13:26:27,646::CredServer::241::root::Credentials channel timed out. 
Dummy-1::INFO::2014-03-20 13:26:27,646::CredServer::277::root::Credentials channel was closed.
Comment 11 Vinzenz Feenstra [evilissimo] 2014-03-20 13:47:14 UTC 
You have not being logged in because you did not start gdm correctly and SELINUX blocked you.

Once on runlevel5 and gdm is started the right way the SSO works on your setup.
Comment 12 Lukas Svaty 2014-03-20 13:58:04 UTC 
Verified this with suggested config. CLOSED -> NOTABUG