Bug 1169338 - move set-saslpasswd for libvirt to configurator
Summary: move set-saslpasswd for libvirt to configurator
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: vdsm
Version: 3.5.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ovirt-3.6.0-rc
: 3.6.0
Assignee: Yaniv Bronhaim
QA Contact: Petr Kubica
URL:
Whiteboard:
Depends On:
Blocks: 1122570
TreeView+ depends on / blocked
 
Reported: 2014-12-01 11:40 UTC by Yaniv Bronhaim
Modified: 2016-03-09 19:27 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-03-09 19:27:25 UTC
oVirt Team: Infra
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:0362 normal SHIPPED_LIVE vdsm 3.6.0 bug fix and enhancement update 2016-03-09 23:49:32 UTC
oVirt gerrit 39823 master MERGED Move passwd (set saslpassword for libvirt) to vdsm-tool Never

Description Yaniv Bronhaim 2014-12-01 11:40:50 UTC
Description of problem:
To fix Bug #1168689 for 3.5 we moved the set-saslpasswd call to pre-start scripts. To not run it on each start, this should be moved to configurator as part of vdsm configuration for external services.

Comment 2 Yaniv Bronhaim 2015-06-16 07:56:38 UTC
"vdsm-tool configure --module passwd" - Is now the command that set the password required for vdsm to communicate with libvirt (for user ovirt@vdsm in virsh. same in rhevm) - vdsm won't run it during installation time but require manual or host-deploy to run the vdsm-tool configure command for that


vdsm-tool remove-config --module passwd - you can remove the user configuration (vdsm does calls vdsm-tool remove-config during uninstall, means that the user should not exist after vdsm removal).

With the command "sasldblistuser2 -f /etc/libvirt/passwd.db" - you check that user vdsm@ovirt exists and configured and you can also try using virsh to check that the user is configured properly . the removal is also important.

Comment 3 Petr Kubica 2015-06-22 16:33:32 UTC
If I understand it correctly, it should be the password for user vdsm@ovirt the same as password for admin@internal in rhevm after "vdsm-tool configure --module passwd" ?

Comment 4 Yaniv Bronhaim 2015-06-23 14:14:08 UTC
no. its the password and username you use to connect to libvirt - use "virsh list", it will prompt for authentication

Comment 5 Petr Kubica 2015-06-25 08:39:10 UTC
Verified in vdsm-4.17.0-1011.git32a7630.el7

[root@vh1 ~]# sasldblistusers2 -f /etc/libvirt/passwd.db
vdsm@ovirt: userPassword
[root@vh1 ~]# vdsm-tool remove-config --module passwd
[root@vh1 ~]# sasldblistusers2 -f /etc/libvirt/passwd.db
[root@vh1 ~]# virsh list
Please enter your authentication name: vdsm@ovirt
Please enter your password: 
error: failed to connect to the hypervisor
error: no valid connection
error: authentication failed: authentication failed

[root@vh1 ~]# vdsm-tool configure --module passwd

Checking configuration status...


Running configure...
Reconfiguration of passwd is done.

Done configuring modules to VDSM.
[root@vh1 ~]# sasldblistusers2 -f /etc/libvirt/passwd.db
vdsm@ovirt: userPassword
[root@vh1 ~]# virsh list
Please enter your authentication name: vdsm@ovirt
Please enter your password: 
 Id    Jméno                         Stav
----------------------------------------------------

Comment 7 errata-xmlrpc 2016-03-09 19:27:25 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0362.html


Note You need to log in before you can comment on or make changes to this bug.