1258749 – [Log Viewer] No permissions to display log files for RHEV Manager

Bug 1258749 - [Log Viewer] No permissions to display log files for RHEV Manager

Summary: [Log Viewer] No permissions to display log files for RHEV Manager

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine-webadmin-portal
Sub Component:
Version:	3.6.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	3.6.0
Assignee:	Josh Kinlaw
QA Contact:	Gonza
Docs Contact:
URL:
Whiteboard:	subeng
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-09-01 07:56 UTC by Gonza
Modified:	2015-09-08 15:32 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-09-08 15:32:25 UTC
oVirt Team:	---
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Gonza 2015-09-01 07:56:47 UTC

Description of problem:
After login as admin user, when accessing the Log Viewer tab on webadmin and selecting "RHEV Manager" from the dropdown menu "Please Select the Machine" no logs are displayed and instead the following message is displayed:
"Invalid credentials to view log files. Must be superuser."

==> /var/log/ovirt-engine/redhat-support-plugin-rhev.log <==
INFO  Tue Sep 01 09:53:22.892 CEST 2015 [7.0.0.1:8702-12] [ApiInterraction          ] Querying https://gr1.rhev.lab.eng.brq.redhat.com/ovirt-engine/api/users/00000018-0018-0018-0018-0000000002fd/roles with JSESSIONID=X7THDEV1EZ+aVN+MYgRa1orj
INFO  Tue Sep 01 09:53:22.893 CEST 2015 [7.0.0.1:8702-12] [SessionFilter            ] Adding cookies and headers JSESSIONID=X7THDEV1EZ+aVN+MYgRa1orj
ERROR Tue Sep 01 09:53:22.945 CEST 2015 [7.0.0.1:8702-12] [ApiInterraction          ] javax.ws.rs.ProcessingException: Unable to invoke request
ERROR Tue Sep 01 09:53:22.945 CEST 2015 [7.0.0.1:8702-12] [Logs                     ] Invalid credentials to view log files.  Must be superuser.

==> /var/log/ovirt-engine/server.log <==
2015-09-01 09:53:22,892 INFO  [com.redhat.gss.redhat_access_plugin.server.api_interraction.ApiInterraction] (ajp-/127.0.0.1:8702-12) Querying https://gr1.rhev.lab.eng.brq.redhat.com/ovirt-engine/api/users/00000018-0018-0018-0018-0000000002fd/roles with JSESSIONID=X7THDEV1EZ+aVN+MYgRa1orj
2015-09-01 09:53:22,893 INFO  [com.redhat.gss.redhat_access_plugin.server.filters.SessionFilter] (ajp-/127.0.0.1:8702-12) Adding cookies and headers JSESSIONID=X7THDEV1EZ+aVN+MYgRa1orj
2015-09-01 09:53:22,945 ERROR [com.redhat.gss.redhat_access_plugin.server.api_interraction.ApiInterraction] (ajp-/127.0.0.1:8702-12) javax.ws.rs.ProcessingException: Unable to invoke request
2015-09-01 09:53:22,945 ERROR [com.redhat.gss.redhat_access_plugin.server.Logs] (ajp-/127.0.0.1:8702-12) Invalid credentials to view log files.  Must be superuser.


Version-Release number of selected component (if applicable):
rhevm-3.6.0-0.12.master.el6.noarch

How reproducible:
100%

Steps to Reproduce:
1. Login as admin
2. Navigate to Log Viewer tab
3. Select "RHEV Manager" from the "Please Select the Machine" dropdown

Actual results:
Error message is displayed and no logs are shown:
"Invalid credentials to view log files. Must be superuser."

Expected results:
Log files are displayed correctly

Comment 3 Martin Bukatovic 2015-09-07 15:01:21 UTC

Could you check if the root cause is the same as in BZ 1097762?

Comment 6 Josh Kinlaw 2015-09-08 14:57:41 UTC

Working as designed. We do not allow users that are not part of the admin group to see logs.

Comment 7 Yaniv Lavi 2015-09-08 15:16:31 UTC

How do you know that this is a case due?
Gonza, did you use a user with admin role?

Comment 8 Gonza 2015-09-08 15:32:25 UTC

Always using admin@internal.

Just realized the reverse DNS server was broken when I installed the engine and the certificate was created with a wrong CN.

Note You need to log in before you can comment on or make changes to this bug.