This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 1275913 - Smart State Analysis on VMware fails with non-root user with Admin Privileges
Smart State Analysis on VMware fails with non-root user with Admin Privileges
Status: CLOSED WONTFIX
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: SmartState Analysis (Show other bugs)
5.4.0
x86_64 Linux
high Severity high
: GA
: 5.6.0
Assigned To: Hui Song
Satyajit Bulage
smartstate:vmware:retest
:
: 1221706 (view as bug list)
Depends On:
Blocks: 1290168
  Show dependency treegraph
 
Reported: 2015-10-28 02:14 EDT by Prasad Mukhedkar
Modified: 2016-06-27 12:23 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1290168 (view as bug list)
Environment:
Last Closed: 2016-06-27 12:23:34 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Prasad Mukhedkar 2015-10-28 02:14:29 EDT
Description of problem:

Smart state analysis on vmware VMs fails with non-root user having 
"Administrator" role - the same role as root has assigned.

 
- When running SSA as a non-root user (in this case "evm" is the username) I get this:
 http://pastebin.test.redhat.com/322853

- Running as root, in the same part of the logs where this happens for evm, I see this:
 And then the smart-state analysis continues successfully.
 http://pastebin.test.redhat.com/322854


So Iā€™m guessing the Nfcsvc plugin not getting started when running as a non-root user has something to do with the failure. 



Version-Release number of selected component (if applicable):
cfme-5.4.1.0-1.el6cf.x86_64
vmware vsphere 5.5

How reproducible:
Always 

Steps to Reproduce:
1. Create a local user with Administrator privileges on one ESX server
2. Use this user with host (Infrastructure --> Hosts --> --> Configuration --> Edit this host --> Credentials --> Default)
3. Perform the smart state analysis on the VMs

Actual results:
Smart state analysis fails 

Expected results:
Fleecing should successful as we are giving administrator privileges
to the non-root user. 

Additional info:
Comment 5 Prasad Mukhedkar 2016-03-22 02:30:04 EDT
Hui Song, Yeah, I just tested with 6.0 VDDK and could perform smart state analysis successfully without non-root (with admin privileges) user. 

Question : VDDK 6.0 is supported on cfme 5.4 ? If I remember there were some issues. If it's not supported on cfme 5.4 or lower version at all. We may need to add a big note stating root user required to perform SSA in documentation if its bug in vddk 5.5 side. 


CloudForms Management Engine 5.3 supports VDDK 5.5 (VMware-vix-disklib-5.5.0-1284542.x86_64.tar.gz).
CloudForms Management Engine 5.2 supports VDDK 5.5 (VMware-vix-disklib-5.5.0-1284542.x86_64.tar.gz).
CloudForms Management Engine (CFME) 5.1 supports VDDK 1.2.2 (VMware-vix-disklib-1.2.2-702422.x86_64.tar.gz).

https://access.redhat.com/articles/375983


Let me know your thoughts please. We can then approach to documentation team.
Comment 6 Hui Song 2016-03-22 09:52:02 EDT
(In reply to Prasad Mukhedkar from comment #5)
> 
> Question : VDDK 6.0 is supported on cfme 5.4 ? If I remember there were some
> issues. If it's not supported on cfme 5.4 or lower version at all. We may
> need to add a big note stating root user required to perform SSA in
> documentation if its bug in vddk 5.5 side. 
> 

I am not really sure if cfme 5.4 supports VDDK 6.0 or not. But I didnt' feel any problems. The real issue here is the version of vmware providers inside of cfme 5.4 should follow the vmware support matrix:

"The VMware policy concerning backward and forward compatibility is for VDDK to support N-2 and N+1 releases. In other words, VDDK 5.5 and all of its update releases support vSphere 5.0, 5.1, and 6.0 (except new features)."

Rich, could you answer the question?
Comment 7 Hui Song 2016-04-04 15:52:42 EDT
*** Bug 1221706 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.