Bug 1081042 - [vdsm] RHEVH vdsm-reg needs to fetch Certificate before register
Summary: [vdsm] RHEVH vdsm-reg needs to fetch Certificate before register
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-node-plugin-vdsm
Version: 3.3.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 3.4.0
Assignee: Douglas Schilling Landgraf
QA Contact: Tareq Alayan
URL:
Whiteboard: infra
Depends On:
Blocks: 1086841
TreeView+ depends on / blocked
 
Reported: 2014-03-26 14:37 UTC by Pavel Stehlik
Modified: 2016-02-10 19:29 UTC (History)
15 users (show)

Fixed In Version: ovirt-node-plugin-vdsm-0.1.1-15.el6ev
Doc Type: Bug Fix
Doc Text:
Previously, attempting to register a Red Hat Enterprise Virtualization Hypervisor with the Red Hat Enterprise Virtualization Manager would fail if the user specified port 443 as the port by which to connect to the Red Hat Enterprise Virtualization Manager but the certificate of that Red Hat Enterprise Virtualization Manager had not been retrieved. Now, users are prompted to accept the certificate provided by the Red Hat Enterprise Virtualization Manager specified in the Management Server field when registering the Red Hat Enterprise Virtualization Hypervisor and no certificate has been retrieved.
Clone Of:
: 1086841 (view as bug list)
Environment:
Last Closed: 2014-06-09 14:26:25 UTC
oVirt Team: Infra
Target Upstream Version:


Attachments (Terms of Use)
vdsm-reg-ssl.tgz (38.36 KB, application/x-gzip)
2014-03-26 14:37 UTC, Pavel Stehlik
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:0673 0 normal SHIPPED_LIVE ovirt-node-plugin-vdsm bug fix and enhancement update 2014-06-09 18:24:50 UTC
oVirt gerrit 26342 0 None None None Never

Description Pavel Stehlik 2014-03-26 14:37:46 UTC
Created attachment 879023 [details]
vdsm-reg-ssl.tgz

Description of problem:
 Issue found during registering REHVH via TUI & SSL port. After providing FQDN and Port the host didn't appear in rhevm. 
 Workaround is either to use port 80 or to Retrieve certificate (then Cert. status in tui is 'Verified'. 

If this is supposed workflow, feel free to change subject as 'missing error dialogue - fetch certificate first' (or similar).

....
MainThread::DEBUG::2014-03-26 14:15:05,640::vdsm-reg-setup::124::root::registerVDS URI= /RHEVManagerWeb/VdsAutoRegistration.aspx?vds_ip=10.34.63.135&__VIEWSTATE=&vds_unique_id=4C4C4544-0052-4C10-8058-B4C04F43354A&vds_name=slot-5.rhev.lab.eng.brq.redhat.com&ticket=&port=54321

MainThread::DEBUG::2014-03-26 14:15:05,666::vdsm-reg-setup::155::root::registerVDS status: 500 reason: Internal Server Error
MainThread::DEBUG::2014-03-26 14:15:05,666::vdsm-reg-setup::174::root::registerVDS end.
....

Version-Release number of selected component (if applicable):
RHEVH 6.5 (20140324.0.el6ev)
vdsm-4.13.2-0.13.el6ev.x86_64

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Pavel Stehlik 2014-03-26 14:50:15 UTC
AFAIR in past there was a dialogue which provides cert info & offered Approve/Reject. Currently it's hidden behind another separate button.

Comment 2 Fabian Deutsch 2014-03-26 15:53:39 UTC
Pavel, can you just confirm:

The intdended workflow is:

Provide URL -> Retrieve Cert -> Save/Register -> Done


You did:

Provide URL-> Save/Register -> FAIL

Right?

Comment 3 Douglas Schilling Landgraf 2014-03-26 19:09:38 UTC
Fabian, to me looks like ovirt-node-plugin-vdsm isn't?

Comment 4 Fabian Deutsch 2014-03-27 16:36:28 UTC
Hey Douglas,

we need to take crae that we are not mixing two issues here.
In the description I see the 500 error - that might be one issue.
And the "unusual" workflow might be a second issue.

Maybe someone with vdsm knowledge can tell if the 500 error is okay?

Comment 5 Alon Bar-Lev 2014-03-27 18:41:19 UTC
Hi,

Please attach engine log so we can see why 500 was returned.

Thanks,

Comment 7 Alon Bar-Lev 2014-03-27 20:27:18 UTC
2014-03-25 20:01:34,009 ERROR [org.ovirt.engine.core.bll.RegisterVdsQuery] (ajp-/127.0.0.1:8702-11) Query execution failed due to invalid inputs. Invalid OTP for host 10.34.63.135

2014-03-25 20:01:34,009 ERROR [org.ovirt.engine.core.register.RegisterServlet] (ajp-/127.0.0.1:8702-11) Failed to run RegisterVds.

Never saw this message... and no ticket is sent:

URI= /RHEVManagerWeb/VdsAutoRegistration.aspx?vds_ip=10.34.63.135&__VIEWSTATE=&vds_unique_id=4C4C4544-0052-4C10-8058-B4C04F43354A&vds_name=slot-5.rhev.lab.eng.brq.redhat.com&ticket=&port=54321

So it is very strange, can you please enable engine debug log and retry? Please do not use http it should not be used for production.

I would like to see this from RegisterServlet:

            log.debug("Using the following parameters to call query:\nIP: " + strIP + ", Name: "
                    + strName + ", UUID: " + strID + ", Port: " + nPort + otpMessage);

Just for the record in 3.4 I removed the entire otp handling... as it was a mess.

Comment 8 Douglas Schilling Landgraf 2014-03-28 03:48:00 UTC
IMO ovirt-node-plugin-vdsm should popup to users the certificate when they register via https to accept it or not (even if they do not select "Retrieve Certificate" button). Pavel, raising needinfo by comment#7, we might need to split this bugzilla.

Comment 9 Douglas Schilling Landgraf 2014-04-01 21:44:16 UTC
Moving to post since the original bug report is about collect the cert without the Retrieve Certificate button.

Comment 15 Fabian Deutsch 2014-04-07 07:23:22 UTC
Removing the Regression keyword, as it has been like this since 3.3 GA.

Comment 18 Tareq Alayan 2014-05-04 14:01:42 UTC
verified with verified on ovirt-node-plugin-vdsm-0.1.1-17.el6ev.noarch

Comment 19 errata-xmlrpc 2014-06-09 14:26:25 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-0673.html


Note You need to log in before you can comment on or make changes to this bug.