Bug 1120621 - [rhevh7] CIM funtion doesn't work
Summary: [rhevh7] CIM funtion doesn't work
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-node
Version: 3.5.0
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ---
: 3.5.0
Assignee: Ryan Barry
QA Contact: Virtualization Bugs
URL:
Whiteboard: node
Depends On: 1102477 1156093 1166044
Blocks: rhevh-7.0 rhev3.5beta 1156165 rhev35rcblocker rhev35gablocker
TreeView+ depends on / blocked
 
Reported: 2014-07-17 09:45 UTC by wanghui
Modified: 2016-07-04 00:40 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-02-11 21:00:13 UTC
oVirt Team: Node
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2015:0160 normal SHIPPED_LIVE ovirt-node bug fix and enhancement update 2015-02-12 01:34:52 UTC
oVirt gerrit 30242 master MERGED SELinux changes for EL7 and CIM Never
oVirt gerrit 34385 master MERGED Another update for cim Never
oVirt gerrit 34554 node-3.0 MERGED SElinux changes for CIM Never
oVirt gerrit 34802 master ABANDONED SElinux changes for CIM Never
oVirt gerrit 35563 ovirt-3.5 MERGED Another update for cim Never
oVirt gerrit 36713 None None None Never

Description wanghui 2014-07-17 09:45:16 UTC
Description of problem:
It can not get info through CIM when configured it.

Version-Release number of selected component (if applicable):
rhev-hypervisor7-7.0-20140714.0
ovirt-node-3.1.0-0.5.20140711git7197118.el7.noarch

How reproducible:
100%

Steps to Reproduce:
1. Install rhev-hypervisor7-7.0-20140714.0.iso
2. Enabled network
3. Configure CIM in TUI with setting password as 'redhat'
4. Check CIM function from remote as follows.
#wbemcli ein -noverify https://cim:redhat@192.168.15.10/root/virt:KVM_VirtualSystemManagementService

Actual results:
1. After step4, it shows http exception as follows.
*
* wbemcli: Http Exception: Invalid username/password.
*

Expected results:
1. It can get rhevh info through CIM after configured it.

Additional info:

Comment 1 Fabian Deutsch 2014-07-24 16:03:15 UTC
This is a mass change, moving bugs of merged patches into MODIFIED.

Please correct the state, if you think that the move was not justified.

Comment 3 wanghui 2014-10-09 07:11:26 UTC
Test version:
rhev-hypervisor7-7.0-20141006.0.el7ev
ovirt-node-3.1.0-0.20.20141006gitc421e04.el7.noarch.rpm
ovirt-node-plugin-cim-3.1.0-0.20.20141006gitc421e04.el7.noarch

Test step:
1. Install rhev-hypervisor7-7.0-20141006.0.el7ev
2. Enabled network
3. Configure CIM in TUI with setting password as 'redhat'
4. Check CIM function from remote(RHEL6.5) as follows.
#wbemcli ein -noverify https://cim:redhat@192.168.15.10/root/virt:KVM_VirtualSystemManagementService

Actual results:
1. After step4, it shows http exception as follows.
*
* wbemcli: Http Exception: Invalid username/password.
*

So this issue is not fixed yet, change the status from ON_QA to Assign.

Comment 4 Ryan Barry 2014-10-23 00:07:48 UTC
This works over http, but not https. https throws back a 501 Not Implemented.

This looks similar to bz#968397, but we're at sblim-sfcb-1.3.16-11.el7, and I would expect this to have picked up the changes in -7. Any suggestions for troubleshooting this, Tomas?

Comment 5 Tomáš Bžatek 2014-10-23 10:14:17 UTC
(In reply to Ryan Barry from comment #4)
> This works over http, but not https. https throws back a 501 Not Implemented.
> 
> This looks similar to bz#968397, but we're at sblim-sfcb-1.3.16-11.el7, and
> I would expect this to have picked up the changes in -7. Any suggestions for
> troubleshooting this, Tomas?

Looking at the sblim-sfcb RHEL 7.1 repo, the patch is not there. Remember the NVR usually don't match as different changes are often made for RHEL (not sure when it was branched). Please file a bugreport on RHEL for patch inclusion (or request scratch builds with the patch).

Comment 6 cshao 2014-10-28 08:01:15 UTC
Hi fabiand,

I can reproduce this issue with rhev-hypervisor6-6.6-20141027.0.iso build, so could you help us clone this bug to 3.4.z?

Test version:
rhev-hypervisor6-6.6-20141027.0.iso
(http://download.devel.redhat.com/brewroot/work/tasks/2138/8162138/rhev-hypervisor6-6.6-20141027.0.iso)
ovirt-node-3.0.1-19.el6.21.noarch

Test steps:
1. Install rhev-hypervisor6-6.6-20141027.0.iso.
2. Enabled network
3. Configure CIM in TUI with setting password as 'redhat'
4. Check CIM function from remote as follows.
# wbemcli ein -noverify https://cim:1@ip/root/virt:KVM_VirtualSystemManagementService

Actual results:
1. After step4, it shows http exception as follows.
*
* wbemcli: Http Exception: Invalid username/password.
*

Expected results:
1. It can get rhevh info through CIM after configured it.

NOTE: No such issue on 
RHEV-H 6.5u8 for RHEV 3.4.3 (rhev-hypervisor6-6.5-20141017.0).

Thanks!

Comment 7 Fabian Deutsch 2014-10-28 08:13:08 UTC
(In reply to shaochen from comment #6)
> Hi fabiand,
> 
> I can reproduce this issue with rhev-hypervisor6-6.6-20141027.0.iso build,

Hey Tomas, could it be that the build on 6.6 is also missing the relevant patches?


> so could you help us clone this bug to 3.4.z?

Chen,

Comment 8 Ryan Barry 2014-10-28 13:13:33 UTC
The symptoms are exactly the same, at least. Works over HTTP, doesn't work over HTTPS (501).

The SElinux changes will also be needed for 6.6. All the required types are present, at least, so it should be easy to pull back.

Comment 9 Fabian Deutsch 2014-10-28 13:15:21 UTC
(pressed return on half the way)

Chen, I agreed with Ying that a new bug will be created to track the issue on 6.6

Comment 10 Fabian Deutsch 2014-10-28 13:17:27 UTC
(In reply to Ryan Barry from comment #8)
> The symptoms are exactly the same, at least. Works over HTTP, doesn't work
> over HTTPS (501).
> 
> The SElinux changes will also be needed for 6.6. All the required types are
> present, at least, so it should be easy to pull back.

Because it's on 3.5 / 6.6 we'll not need to backport the selinux changes, because we are using the same node version on both platforms for 3.5

Comment 11 Fabian Deutsch 2014-10-28 13:22:51 UTC
(In reply to Fabian Deutsch from comment #10)
> (In reply to Ryan Barry from comment #8)
> > The symptoms are exactly the same, at least. Works over HTTP, doesn't work
> > over HTTPS (501).
> > 
> > The SElinux changes will also be needed for 6.6. All the required types are
> > present, at least, so it should be easy to pull back.
> 
> Because it's on 3.5 / 6.6 we'll not need to backport the selinux changes,
> because we are using the same node version on both platforms for 3.5

Correcting myself.
As noted in comment 6 it's happening on 6.6 with 3.4.z
So we need the package update and need to backport the selinux fixes.

Comment 12 cshao 2014-10-29 10:42:51 UTC
(In reply to Fabian Deutsch from comment #9)
> (pressed return on half the way)
> 
> Chen, I agreed with Ying that a new bug will be created to track the issue
> on 6.6

Bug 1158412 - [rhevh6.5 for 3.4.z] CIM funtion doesn't work

Done :)

Comment 13 Tomáš Bžatek 2014-10-29 11:51:38 UTC
(In reply to Fabian Deutsch from comment #7)
> Hey Tomas, could it be that the build on 6.6 is also missing the relevant
> patches?

I have no idea about RHEL6 sblim-sfcb plans. Please contact respective owner of the component, Vitezslav Crhonek <vcrhonek@redhat.com>.

Comment 14 Ying Cui 2014-10-29 13:35:51 UTC
(In reply to shaochen from comment #12)
> (In reply to Fabian Deutsch from comment #9)
> > (pressed return on half the way)
> > 
> > Chen, I agreed with Ying that a new bug will be created to track the issue
> > on 6.6
> 
> Bug 1158412 - [rhevh6.5 for 3.4.z] CIM funtion doesn't work
here should be [rhevh6.6 for 3.4.z] not 6.5, typo here. I have updated bug 1158412 yet. Thanks.

Comment 15 Fabian Deutsch 2014-10-30 11:48:46 UTC
Vitezslav, can you tell if this bug is caused because the 6.6 build is missing some patches or does not support https?

Comment 16 Vitezslav Crhonek 2014-11-04 10:32:05 UTC
Probably answered in https://bugzilla.redhat.com/show_bug.cgi?id=1156093#c3

sfcb should support http and https.

Comment 17 Fabian Deutsch 2014-11-27 05:48:53 UTC
We need to wait until bug 1102477 is fixed until we can verify this bug.

Comment 19 Fabian Deutsch 2015-01-07 14:47:10 UTC
(In reply to Fabian Deutsch from comment #17)
> We need to wait until bug 1102477 is fixed until we can verify this bug.

No, because this bug is for RHEV-H 7.0. Moving to ON_QA

Comment 20 wanghui 2015-01-08 06:45:14 UTC
Test version:
rhev-hypervisor7-7.0-20150106.0.el7ev
ovirt-node-3.1.0-0.40.20150105git69f34a6.el7.noarch
ovirt-node-plugin-cim-3.1.0-0.40.20150105git69f34a6.el7.noarch
sblim-sfcb-1.3.16-11.el7.x86_64

Test steps:
1. Install rhev-hypervisor7-7.0-20150106.0.el7ev
2. Enabled network
3. Configure CIM in TUI with setting password as 'redhat'
4. Check CIM function from remote(RHEL6.5) through https as follows.
#wbemcli ein -noverify https://cim:redhat@192.168.15.10/root/virt:KVM_VirtualSystemManagementService
5. Check CIM function from remote(RHEL6.5) through http as follows.
#wbemcli ein -noverify http://cim:redhat@192.168.15.10/root/virt:KVM_VirtualSystemManagementService

Test result:
1. After step4, the output is as follows.
#wbemcli ein -noverify https://cim:redhat@192.168.15.10/root/virt:KVM_VirtualSystemManagementService
*
* wbemcli: Http Exception: Invalid username/password.
*
2. After step5, the output is as follows.
# wbemcli ein -noverify http://cim:redhat@192.168.15.10/root/virt:KVM_VirtualSystemManagementService
*
* wbemcli: Http Exception: Couldn't connect to server
*

So this issue is not fixed in rhev-hypervisor7-7.0-20150106.0.el7ev. Change the status from ON_QA to Assigned.

Comment 21 Ryan Barry 2015-01-08 14:28:03 UTC
This should not have been ON_QA.

The appropriate EL7 bug blocking it is bz#1166044, which is currently ON_QA, but there's no released package we can include yet.

Comment 22 Ryan Barry 2015-01-08 20:23:16 UTC
Builds with fixed CIM packages revealed another selinux denial, after which CIM works as expected.

Patch is pending upstream. New images will be available tomorrow. If I have time today, I'll try to get a scratch build out for testing.

Comment 23 wanghui 2015-01-13 07:18:26 UTC
Test version:
rhev-hypervisor7-7.0-20150112.0.el7ev
ovirt-node-3.1.0-0.42.20150109gitd06b7c5.el7.noarch
sblim-sfcb-1.3.16-12.el7_0.x86_64

Test steps:
1. Install rhev-hypervisor7-7.0-20150112.0.el7ev
2. Enabled network
3. Configure CIM in TUI with setting password as 'redhat'
4. Check CIM function from remote(RHEL7.0) through https as follows.
#wbemcli ein -noverify https://cim:redhat@192.168.15.198/root/virt:KVM_VirtualSystemManagementService

Test result:
1. After step4, the output is as follows.
# wbemcli ein -noverify https://cim:redhat@192.168.15.198/root/virt:KVM_VirtualSystemManagementService

192.168.15.198:5989/root/virt:KVM_VirtualSystemManagementService.SystemCreationClassName="KVM_HostSystem",SystemName="unknown",CreationClassName="KVM_VirtualSystemManagementService",Name="Management Service"

So this issue is fixed in rhev-hypervisor7-7.0-20150112.0.el7ev. Change the status from ON_QA to Verified.

Comment 25 errata-xmlrpc 2015-02-11 21:00:13 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2015-0160.html


Note You need to log in before you can comment on or make changes to this bug.