Created attachment 1091627 [details] engine sosreport Description of problem: The same guest-VM shown twice if VM has permission for "Everyone" and "admin". If I'm setting the permissions for the guest VM for "Everyone" and for the "admin" as UserVmManager, then connecting to the serial-console, I see the same guest-VM twice. Available Serial Consoles: 00 RHEL7_2_VM_1[ea857677-f6d2-4d16-a40a-a44222670482] 01 RHEL7_2_VM_1[ea857677-f6d2-4d16-a40a-a44222670482] SELECT> If "Everyone" removed, the same guest VM shown once. Version-Release number of selected component (if applicable): Engine: Red Hat Enterprise Virtualization Manager Version: 3.6.0.3-0.1.el6 rhevm-3.6.0.3-0.1.el6.noarch virt-vmconsole-proxy-1.0.0-1.el6ev.noarch ovirt-engine-extension-aaa-jdbc-1.0.1-1.el6ev.noarch ovirt-host-deploy-1.4.0-1.el6ev.noarch ovirt-host-deploy-java-1.4.0-1.el6ev.noarch ovirt-vmconsole-1.0.0-1.el6ev.noarch Linux version 2.6.32-573.7.1.el6.x86_64 (mockbuild.eng.bos.redhat.com) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC) ) #1 SMP Thu Sep 10 13:42:16 EDT 2015 Host: ovirt-vmconsole-1.0.1-0.0.master.20151105234454.git3e5d52e.el7.noarch ovirt-release36-snapshot-001-2.noarch ovirt-vmconsole-host-1.0.1-0.0.master.20151105234454.git3e5d52e.el7.noarch ovirt-release36-001-2.noarch vdsm-4.17.10.1-0.el7.centos.noarch libvirt-client-1.2.17-13.el7.x86_64 mom-0.5.1-2.el7.noarch qemu-kvm-rhev-2.3.0-31.el7.x86_64 sanlock-3.2.4-1.el7.x86_64 Linux version 3.10.0-322.el7.x86_64 (mockbuild.eng.bos.redhat.com) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) ) #1 SMP Mon Oct 5 21:41:10 EDT 2015 How reproducible: 100% Steps to Reproduce: 1.Install clean installation of RHEVM 3.6.0.3-0.1.el6 and connect to it 2 hosts. 2.Install serial console on your environment ( ovirt-vmconsole-proxy on engine and make sure that ovirt-vmconsole-host-sshd is running on your hosts. 3.Create VM and install clean installation of RHEL7.2 on it, then make sure that console is enabled for the VM inside the engine (edit vm->console). 4.Start the VM and make sure that systemctl status serial-getty is running, if not, start it with systemctl start serial-getty. 5.Add permissions for the VM as depicted within the attachment. 6.Add you public key from "cat /root/.ssh/id_rsa.pub" to the engine keys, so you could connect via serial console to the VM guest. 7.Connect to the VM using this command: - "ssh -v -t -i $HOME/.ssh/id_rsa -p 2222 ovirt-vmconsole@IP_OF_YOUR_ENGINE connect". Actual results: Same VM shown twice. Expected results: Same VM should be shown once. Additional info: Sosreports from 2 hosts and the engine, plus screenshots attached.
Created attachment 1091639 [details] alma02 sosreport
Created attachment 1091640 [details] black sosreport
Created attachment 1091641 [details] engine_samevmshowntvice_permissions_settings picture
Created attachment 1091642 [details] samevmshowntvice_ssh_terminal picture
One more detail, guest VM had disk at iSCSI SD, but this is not important as have no relation to the issue, mentioning it for complete description of the bug.
once again, bug#1264385 should have solved all permissions issues, but people insist to defer it to discover what we already know - a bad implementation.
Target release should be placed once a package build is known to fix a issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for a oVirt release.
This bug is not marked for z-stream, yet the milestone is for a z-stream version, therefore the milestone has been reset. Please set the correct milestone or add the z-stream flag.
(In reply to Alon Bar-Lev from comment #6) > once again, bug#1264385 should have solved all permissions issues, but > people insist to defer it to discover what we already know - a bad > implementation. seeing it twice should not be related to that change. Interestingly in bug 1278271 a permission on Everyone also seem to make a difference on visibility - may be related
Bug tickets must have version flags set prior to targeting them to a release. Please ask maintainer to set the correct version flags and only then set the target milestone.
Bug tickets that are moved to testing must have target release set to make sure tester knows what to test. Please set the correct target release before moving to ON_QA.
not sure what caused the mess, but this is fixed for quite some time
Can't verify this bug, while running on HE, due to https://bugzilla.redhat.com/show_bug.cgi?id=1300749. In my setup I receive Jan 24, 2016 2:12:25 PM Add-Disk operation failed to complete.
I was unable to reproduce as feature did not work for me on ovirt-vmconsole-1.0.0-1.el7ev.noarch: On my PC: Authenticated to 10.35.161.30 ([10.35.161.30]:2222). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessions debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 debug1: Sending env LANGUAGE = debug1: Sending command: connect debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug1: client_input_channel_req: channel 0 rtype eow reply 0 Read from socket failed: Connection reset by peer debug1: channel 0: free: client-session, nchannels 1 Connection to 10.35.161.30 closed. Transferred: sent 4040, received 4168 bytes, in 3.9 seconds Bytes per second: sent 1036.0, received 1068.8 debug1: Exit status 255 On guest VM: systemctl status serial-getty ● serial-getty - Serial Getty on ttyS0 Loaded: loaded (/usr/lib/systemd/system/serial-getty@.service; enabled; vendor preset: disabled) Active: active (running) since Sun 2016-01-24 18:24:26 IST; 9s ago Docs: man:agetty(8) man:systemd-getty-generator(8) http://0pointer.de/blog/projects/serial-console.html Main PID: 2025 (agetty) CGroup: /system.slice/system-serial\x2dgetty.slice/serial-getty └─2025 /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt220 Jan 24 18:24:26 RHEL7Server systemd[1]: Started Serial Getty on ttyS0. Jan 24 18:24:26 RHEL7Server systemd[1]: Starting Serial Getty on ttyS0... On engine: service ovirt-vmconsole-proxy-sshd status ovirt-vmconsole-proxy-sshd (pid 2126) is running... On host: systemctl status ovirt-vmconsole-host-sshd -l ● ovirt-vmconsole-host-sshd.service - oVirt VM Console SSH server daemon Loaded: loaded (/usr/lib/systemd/system/ovirt-vmconsole-host-sshd.service; enabled; vendor preset: disabled) Active: active (running) since Sun 2016-01-24 16:17:02 UTC; 16min ago Main PID: 18227 (sshd) CGroup: /system.slice/ovirt-vmconsole-host-sshd.service └─18227 /usr/sbin/sshd -f /usr/share/ovirt-vmconsole/ovirt-vmconsole-host/ovirt-vmconsole-host-sshd/sshd_config -D Jan 24 16:17:02 seal11.qa.lab.tlv.redhat.com ovirt-vmconsole-host-sshd[18227]: Could not load host key: /etc/pki/ovirt-vmconsole/host-ssh_host_rsa Jan 24 16:17:02 seal11.qa.lab.tlv.redhat.com ovirt-vmconsole-host-sshd[18227]: Could not load host certificate: /etc/pki/ovirt-vmconsole/host-ssh_host_rsa-cert.pub Jan 24 16:17:02 seal11.qa.lab.tlv.redhat.com sshd[18227]: Server listening on 0.0.0.0 port 2223. Jan 24 16:17:02 seal11.qa.lab.tlv.redhat.com sshd[18227]: Server listening on :: port 2223. Jan 24 16:25:20 seal11.qa.lab.tlv.redhat.com sshd[19399]: error: Could not load host key: /etc/pki/ovirt-vmconsole/host-ssh_host_rsa Jan 24 16:25:20 seal11.qa.lab.tlv.redhat.com sshd[19399]: error: Could not load host certificate: /etc/pki/ovirt-vmconsole/host-ssh_host_rsa-cert.pub Jan 24 16:25:20 seal11.qa.lab.tlv.redhat.com sshd[19399]: fatal: No supported key exchange algorithms [preauth] Jan 24 16:25:39 seal11.qa.lab.tlv.redhat.com sshd[19427]: error: Could not load host key: /etc/pki/ovirt-vmconsole/host-ssh_host_rsa Jan 24 16:25:39 seal11.qa.lab.tlv.redhat.com sshd[19427]: error: Could not load host certificate: /etc/pki/ovirt-vmconsole/host-ssh_host_rsa-cert.pub Jan 24 16:25:39 seal11.qa.lab.tlv.redhat.com sshd[19427]: fatal: No supported key exchange algorithms [preauth] Host is Red Hat Enterprise Virtualization Hypervisor (Beta) release 7.2 (20160113.0.el7ev). ovirt-node-selinux-3.6.1-3.0.el7ev.noarch ovirt-hosted-engine-setup-1.3.2.2-2.el7ev.noarch ovirt-node-plugin-vdsm-0.6.1-5.el7ev.noarch ovirt-setup-lib-1.0.1-1.el7ev.noarch ovirt-host-deploy-1.4.1-1.el7ev.noarch ovirt-node-branding-rhev-3.6.1-3.0.el7ev.noarch ovirt-vmconsole-host-1.0.0-1.el7ev.noarch ovirt-node-lib-legacy-3.6.1-3.0.el7ev.noarch ovirt-node-lib-3.6.1-3.0.el7ev.noarch ovirt-node-3.6.1-3.0.el7ev.noarch ovirt-node-plugin-snmp-logic-3.6.1-3.0.el7ev.noarch qemu-kvm-rhev-2.3.0-31.el7_2.4.x86_64 ovirt-hosted-engine-ha-1.3.3.7-1.el7ev.noarch ovirt-node-plugin-hosted-engine-0.3.0-6.el7ev.noarch ovirt-host-deploy-offline-1.4.0-1.el7ev.x86_64 ovirt-node-plugin-snmp-3.6.1-3.0.el7ev.noarch ovirt-node-plugin-rhn-3.6.1-3.0.el7ev.noarch sanlock-3.2.4-1.el7.x86_64 ovirt-vmconsole-1.0.0-1.el7ev.noarch libvirt-client-1.2.17-13.el7_2.2.x86_64 mom-0.5.1-1.el7ev.noarch ovirt-node-lib-config-3.6.1-3.0.el7ev.noarch ovirt-node-plugin-cim-logic-3.6.1-3.0.el7ev.noarch vdsm-4.17.17-0.el7ev.noarch ovirt-node-plugin-cim-3.6.1-3.0.el7ev.noarch Engine is: rhevm-3.6.2.6-0.1.el6.noarch ovirt-host-deploy-java-1.4.1-1.el6ev.noarch ovirt-vmconsole-proxy-1.0.0-1.el6ev.noarch ovirt-vmconsole-1.0.0-1.el6ev.noarch ovirt-engine-extension-aaa-jdbc-1.0.5-1.el6ev.noarch ovirt-host-deploy-1.4.1-1.el6ev.noarch ovirt-setup-lib-1.0.1-1.el6ev.noarch Can you please fill in the "Fixed In Version:" field?
the host seem upgraded. For upgraded hosts you need to re-deploy the host to activate the proxy and set up keys correctly.
Please check if documentation contains this mandatory requirement.
requested in bug 601863
(In reply to Michal Skrivanek from comment #16) > the host seem upgraded. For upgraded hosts you need to re-deploy the host to > activate the proxy and set up keys correctly. Tried on clean iSCSI HE deployment and also failed to get serial-console connection working to the VM. My PC: $ ssh -v -t -i $HOME/.ssh/id_rsa -p 2222 ovirt-vmconsole.lab.tlv.redhat.com connect OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 56: Applying options for * debug1: Connecting to nsednev-he-2.qa.lab.tlv.redhat.com [10.35.97.250] port 2222. debug1: Connection established. debug1: identity file /home/nsednev/.ssh/id_rsa type 1 debug1: identity file /home/nsednev/.ssh/id_rsa-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16 debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16 debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: ssh_rsa_verify: signature correct debug1: Server host key: RSA-CERT a0:c5:5e:32:04:16:c6:1f:74:e3:9e:40:56:ce:02:de debug1: checking without port identifier debug1: No matching CA found. Retry with plain key debug1: No matching CA found. Retry with plain key debug1: Host '[nsednev-he-2.qa.lab.tlv.redhat.com]:2222' is known and matches the RSA host key. debug1: Found key in /home/nsednev/.ssh/known_hosts:2 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/nsednev/.ssh/id_rsa debug1: Remote: Forced command: exec "/usr/libexec/ovirt-vmconsole-proxy-shell" accept --entityid="00000019-0019-0019-0019-00000000017b" --entity="admin_internal-authz" debug1: Remote: Agent forwarding disabled. debug1: Remote: Port forwarding disabled. debug1: Remote: User rc file execution disabled. debug1: Remote: X11 forwarding disabled. debug1: Server accepts key: pkalg ssh-rsa blen 279 Agent admitted failure to sign using the key. debug1: No more authentication methods to try. Permission denied (publickey). Engine: service ovirt-vmconsole-proxy-sshd status ovirt-vmconsole-proxy-sshd (pid 14272) is running... Linux version 2.6.32-573.12.1.el6.x86_64 (mockbuild.eng.bos.redhat.com) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC) ) #1 SMP Mon Nov 23 12:55:32 EST 2015 Host: systemctl status ovirt-vmconsole-host-sshd -l ● ovirt-vmconsole-host-sshd.service - oVirt VM Console SSH server daemon Loaded: loaded (/usr/lib/systemd/system/ovirt-vmconsole-host-sshd.service; enabled; vendor preset: disabled) Active: active (running) since Mon 2016-01-25 14:39:32 UTC; 1 day 2h ago Main PID: 21917 (sshd) CGroup: /system.slice/ovirt-vmconsole-host-sshd.service └─21917 /usr/sbin/sshd -f /usr/share/ovirt-vmconsole/ovirt-vmconsole-host/ovirt-vmconsole-host-sshd/sshd_config -D Jan 25 14:39:32 alma03.qa.lab.tlv.redhat.com systemd[1]: Started oVirt VM Console SSH server daemon. Jan 25 14:39:32 alma03.qa.lab.tlv.redhat.com systemd[1]: Starting oVirt VM Console SSH server daemon... Jan 25 14:39:32 alma03.qa.lab.tlv.redhat.com sshd[21917]: Server listening on 0.0.0.0 port 2223. Jan 25 14:39:32 alma03.qa.lab.tlv.redhat.com sshd[21917]: Server listening on :: port 2223. Red Hat Enterprise Virtualization Hypervisor (Beta) release 7.2 (20160113.0.el7ev) Guest VM has been configured for it's permissions and also key was provided to the engine.
You had that issue before, https://bugzilla.redhat.com/show_bug.cgi?id=1261519#c2
(In reply to Michal Skrivanek from comment #20) > You had that issue before, > https://bugzilla.redhat.com/show_bug.cgi?id=1261519#c2 I'll look in to it, if it's the issue, then it's again SElinux problem.
(In reply to Nikolai Sednev from comment #21) > (In reply to Michal Skrivanek from comment #20) > > You had that issue before, > > https://bugzilla.redhat.com/show_bug.cgi?id=1261519#c2 > > I'll look in to it, if it's the issue, then it's again SElinux problem. no, as that is unrelated to that bug. SELinux issue is a bug 1262003, and bug 1261519 fixed hostname reporting released in oVirt 3.6 RC3. So you either have a different issue, or it is a regression, or PEBCAK
I've set environment RHEVH-HE on NFS and added NFS SD to it, then environment successfully made auto-import of the HE-SD and HE-VM in to the WEBUI, this was made automatically, once I've created additional NFS SD. I've added VM with RHEL7.2 and guest-agent installed on it+systemctl start serial-getty on guest-VM, then added permissions to the VM as attached in picture to this bug. Works for me on NFS deployed RHEVH appliance with following components: Host: sanlock-3.2.4-1.el7.x86_64 libvirt-client-1.2.17-13.el7_2.2.x86_64 mom-0.5.1-1.el7ev.noarch qemu-kvm-rhev-2.3.0-31.el7_2.4.x86_64 vdsm-4.17.18-0.el7ev.noarch Linux version 3.10.0-327.4.5.el7.x86_64 (mockbuild.eng.bos.redhat.com) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC) ) #1 SMP Thu Jan 21 04:10:29 EST 2016 Engine: rhevm-3.6.3-0.1.el6.noarch Linux version 2.6.32-573.12.1.el6.x86_64 (mockbuild.eng.bos.redhat.com) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC) ) #1 SMP Mon Nov 23 12:55:32 EST 2015 # ssh -v -t -i $HOME/.ssh/id_rsa -p 2222 ovirt-vmconsole.88.114 connect OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 56: Applying options for * debug1: Connecting to 10.35.88.114 [10.35.88.114] port 2222. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/id_rsa type 1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16 debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16 debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: ssh_rsa_verify: signature correct debug1: Server host key: RSA-CERT cd:15:87:07:88:51:4a:4c:37:4d:af:ca:5c:bd:66:f9 debug1: checking without port identifier debug1: No matching CA found. Retry with plain key debug1: No matching CA found. Retry with plain key debug1: Host '[10.35.88.114]:2222' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:8 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /root/.ssh/id_rsa debug1: Remote: Forced command: exec "/usr/libexec/ovirt-vmconsole-proxy-shell" accept --entityid="00000019-0019-0019-0019-0000000003c1" --entity="admin_internal-authz" debug1: Remote: Agent forwarding disabled. debug1: Remote: Port forwarding disabled. debug1: Remote: User rc file execution disabled. debug1: Remote: X11 forwarding disabled. debug1: Server accepts key: pkalg ssh-rsa blen 279 debug1: key_parse_private2: missing begin marker debug1: read PEM private key done: type RSA debug1: Remote: Forced command: exec "/usr/libexec/ovirt-vmconsole-proxy-shell" accept --entityid="00000019-0019-0019-0019-0000000003c1" --entity="admin_internal-authz" debug1: Remote: Agent forwarding disabled. debug1: Remote: Port forwarding disabled. debug1: Remote: User rc file execution disabled. debug1: Remote: X11 forwarding disabled. debug1: Authentication succeeded (publickey). Authenticated to 10.35.88.114 ([10.35.88.114]:2222). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessions debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 debug1: Sending env LANGUAGE = debug1: Sending command: connect Red Hat Enterprise Linux Server 7.0 (Maipo) Kernel 3.10.0-123.el7.x86_64 on an x86_64 RHEL7Server login: root Password: Last login: Mon Feb 1 14:32:24 on ttyS0 [root@RHEL7Server ~]#
Created attachment 1120109 [details] Screenshot from 2016-02-01 15:13:42.png