Description of problem: After configure virt-who with rhsm_username and rhsm_password, it will failed to connect with subscription-manager as "RestlibException: Access denied" Version-Release number of selected component (if applicable): subscription-manager-1.14.9-1.el6.x86_64 python-rhsm-1.14.3-1.el6.x86_64 virt-who-0.12-9.el6.noarch Satellite-6.1.0-RHEL-7-20150603.1 How reproducible: Always Steps to Reproduce: 1.Register a RHEL instance to Satellite 6. [root@hp-z220-05 ~]# subscription-manager register --username=admin --password=admin [root@hp-z220-05 ~]# subscription-manager identity system identity: 99b281e3-4296-47d2-8be4-b89c5b8a7175 name: hp-z220-05.qe.lab.eng.nay.redhat.com org name: Default Organization org ID: Default_Organization environment name: Library 2.Configure virt-who run at esx mode as the following [root@hp-z220-05 ~]# vim /etc/virt-who.d/virt [test-esx1] type=esx server=10.66.78.27 username=Administrator password=qwer1234P! owner=ACME_Corporation env=Library rhsm_username=admin rhsm_password=admin 3.Restart virt-who service then check the virt-who's log [root@hp-z220-05 ~]# service virt-who restart [root@hp-z220-05 ~]# tail -f /var/log/rhsm/rhsm.log 2015-06-08 17:55:44,089 [DEBUG] @virtwho.py:89 - Using config named 'test-esx1' 2015-06-08 17:55:44,089 [INFO] @virtwho.py:563 - Using configuration "test-esx1" ("esx" mode) 2015-06-08 17:55:44,113 [DEBUG] @virtwho.py:151 - Starting infinite loop with 10 seconds interval 2015-06-08 17:55:44,252 [DEBUG] @esx.py:53 - Log into ESX 2015-06-08 17:55:44,671 [DEBUG] @esx.py:56 - Creating ESX event filter 2015-06-08 17:55:44,832 [DEBUG] @esx.py:127 - Waiting for ESX changes 2015-06-08 17:55:44,854 [INFO] @subscriptionmanager.py:123 - Sending update in hosts-to-guests mapping: {564d3dd6-4176-beda-e5b5-e3e00eb39aa9: [4239fab8-86c0-a5fc-bd98-b31813ebc5d1], 564d9431-d446-2c44-1f38-9e243363996d: [42392c06-c6ac-48ae-f984-279e18ff8571]} 2015-06-08 17:55:44,854 [DEBUG] @subscriptionmanager.py:71 - Authenticating with RHSM username admin 2015-06-08 17:55:50,329 [ERROR] @virtwho.py:123 - Error in communication with subscription manager: Traceback (most recent call last): File "/usr/share/virt-who/virtwho.py", line 105, in send self._sendGuestAssociation(report) File "/usr/share/virt-who/virtwho.py", line 134, in _sendGuestAssociation result = manager.hypervisorCheckIn(report.config, report.association, report.config.type) File "/usr/share/virt-who/manager/subscriptionmanager/subscriptionmanager.py", line 132, in hypervisorCheckIn return self.connection.hypervisorCheckIn(config.owner, config.env, mapping) File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 815, in hypervisorCheckIn return self.conn.request_post(url, host_guest_mapping) File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 605, in request_post return self._request("POST", method, params) File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 530, in _request self.validateResponse(result, request_type, handler) File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 572, in validateResponse raise RestlibException(response['status'], error_msg) RestlibException: Access denied Actual results: Failed to communicate with subscription-manager after configured rhsm_username and rhsm_password Expected results: virt-who reports host/guest mapping using the rhsm_username and rhem_password successfully. Additional info:
this issue can be duplicated for SAM 1.4.1 and the error log message as following: 2 015-07-14 09:15:48,989 [ERROR] @virtwho.py:123 - Error in communication with subscription manager: Traceback (most recent call last): File "/usr/share/virt-who/virtwho.py", line 105, in send File "/usr/share/virt-who/virtwho.py", line 134, in _sendGuestAssociation File "/usr/share/virt-who/manager/subscriptionmanager/subscriptionmanager.py", line 134, in hypervisorCheckIn File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 815, in hypervisorCheckIn File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 605, in request_post File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 530, in _request File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 572, in validateResponse RestlibException: User admin is not allowed to access api/v1/systems/hypervisors_update
It looks like the user that is specified in the rhsm_username parameter does not have necessary permissions to use hypervisor_update call. What permissions does the user have? Is it possible to register system with given credentials?
hi Radek, Environment: - RHEV-H-vdsm6-6.7-20150707.0 - RHEVM-3.5.4-1.1 (VDSM mode) - SAM-1.4.1-RHEL-6-20141113.0 (admin / admin) Packages: - virt-who-0.12-10.el6.noarch - python-rhsm-1.14.3-1.el6.x86_64 - subscription-manager-1.14.10-1.el6.x86_64 virt-who config: [test-esx] type=esx server=10.66.78.89 username=Administrator password=qwer1234P! owner=ACME_Corporation env=Library rhsm_username=admin rhsm_password=admin can register to sam server successfully # subscription-manager register --username=admin --password=admin The system has been registered with ID: cd9555d7-95b0-43b6-8b0f-b248ca81dbb5
There is nothing virt-who can do about it. It looks like the user you're trying to use doesn't have some necessary privilege that would allow him to use this "api/v1/systems" API. Can someone from candlepin team tell us how should the user be configured to be allowed to use this API? Then I'll add a notice about it to virt-who manual page.
Created attachment 1082639 [details] candle_pin log in SAM
Created attachment 1082640 [details] katello_production log in SAM
I am going to guess that the user just upgraded to Satellite 6.1, Is that correct? If so can you confirm if the prefix setting in /etc/rhsm/rhsm.conf is set to "/rhsm". If not, please change this and re-try. Please also double check that the rhsm_prefix is not overriding this in the /etc/virt-who.d configuration. -- bk
Yes, RHEL7.2 system registered to Satellite-6.1.0-RHEL-7-20150828.0,. the prefix=/rhsm in /etc/rhsm/rhsm.conf. the rhsm_profix is not overriding this in the /etc/virt-who/XXX [root@hp-z220-10 ~]# cat /etc/rhsm/rhsm.conf | grep -v ^# | grep -v ^$ [server] hostname = intel-waimeabay-hedt-01.ml3.eng.bos.redhat.com prefix = /rhsm port = 443 insecure = 0 ssl_verify_depth = 3 proxy_hostname = proxy_port = proxy_user = proxy_password = [rhsm] baseurl= https://intel-waimeabay-hedt-01.ml3.eng.bos.redhat.com/pulp/repos ca_cert_dir = /etc/rhsm/ca/ repo_ca_cert = %(ca_cert_dir)skatello-server-ca.pem productCertDir = /etc/pki/product entitlementCertDir = /etc/pki/entitlement consumerCertDir = /etc/pki/consumer manage_repos = 1 full_refresh_on_yum = 1 report_package_profile = 1 pluginDir = /usr/share/rhsm-plugins pluginConfDir = /etc/rhsm/pluginconf.d [rhsmcertd] certCheckInterval = 240 autoAttachInterval = 1440 [root@hp-z220-10 ~]# cat /etc/virt-who.d/virtwho [test-hyperv1] type=hyperv server=http://10.66.128.9 username=Administrator encrypted_password=7430ce339e913ecfb2663d33d74b4bfa owner=ACME_Corporation env=Library rhsm_username=admin rhsm_password=admin
*** Bug 1295654 has been marked as a duplicate of this bug. ***
*** Bug 1246976 has been marked as a duplicate of this bug. ***
Verified the bug and got info as below: 1.Don't create "ACME_Corporation" organization in satellite6.2 server, will register rhel7.3 host to the server's default organization by auto. Then configure virt-who-config file with "owner=Default_Organization", virt-who can send h/g mapping info to server successfully with rhsm username and password. But configure virt-who-config file with "owner=ACME_Corporation", the bug will reproduce with rhsm username and password. 2.Create a new "ACME_Corporation" organization in satellite6.2 server, can register rhel7.3 to the new or default organization by selection, if change to register to the other organization, must delete the host info from before one. Then configure virt-who-config file with "owner=Default_Organization", virt-who can send h/g mapping info to default organizaiton successfully with rhsm username and password. Change owner to "owner=ACME_Corporation", virt-who can also send h/g mapping info successfully to the new organization, no need to delete the hypervisor info from before one, and it can be listed to both the two organizations. Environment: -RHEL Build: RHEL-7.3-20161005.0-Server-x86_64 -Satellite Server: Satellite6.2.3-20161007.0 (10.73.3.245) Packages: -virt-who-0.17-10.el7.noarch -subscription-manager-1.17.15-1.el7.x86_64 -python-rhsm-1.17.9-1.el7.x86_64 virt-who config: [test-libvirt] type=libvirt server=qemu+ssh://10.66.144.10/system username=root password=redhat2016 owner=Default_Organization/ACME_Corporation env=Library rhsm_username=admin rhsm_password=admin
According to comment 22, virt-who can send correct h/g mapping info to satellite after setting correct "owner", "rhs_username and rhsm_password". Therefore, closed it on Satellite-6.2.0-RHEL-7-20161007.0.