Bug 1308980 - User cannot connect to VM, after connection from admin portal
Summary: User cannot connect to VM, after connection from admin portal
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: 3.6.3
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-02-16 16:15 UTC by Andrei Stepanov
Modified: 2016-02-17 13:41 UTC (History)
15 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-02-17 13:41:57 UTC
oVirt Team: Virt
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
screenshot for warning message (108.39 KB, image/png)
2016-02-16 16:15 UTC, Andrei Stepanov 		no flags Details
engine.log (12.64 KB, text/plain)
2016-02-16 16:55 UTC, Andrei Stepanov 		no flags Details
View All

Description Andrei Stepanov 2016-02-16 16:15:17 UTC 
Created attachment 1127626 [details]
screenshot for warning message

User cannot connect to VM from User Portal after connection was made to the same VM from Admin Portal.

rhevm-3.6.3.1-0.1.el6.noarch
From repo   : rhev3.6.3-2

How reproducible: always


Steps to Reproduce:
1. Login to admin webportal. Connect to any VM.
2. Close remote-viewer window.
3. Login to user portal. Select the same VM.
4. Try to connect to it.

Actual results: pop-up windows appears with message: "Setting VM ticket failed. Console of VM is currently being used by admin user."

The only way to connect to VM is to shutdown it.
Comment 2 Andrei Stepanov 2016-02-16 16:53:15 UTC 
How reproducible: always.
It is not a regression.
Previous 3.6 builds didn't have such problem.
service ovirt-engine restart doesn't help to solve the problem
Comment 3 Andrei Stepanov 2016-02-16 16:55:29 UTC 
Created attachment 1127638 [details]
engine.log

engine.log for actions:
* connect from user portal
* disconnect
* connect from admin portal
* disconnect
* connect from user portal
Comment 4 Tomas Jelinek 2016-02-17 13:17:35 UTC 
This actually looks like the correct behavior introduced by this fix: https://bugzilla.redhat.com/show_bug.cgi?id=1297018

From logs I see that the user trying to get the console is a different one than the user which has the console opened. The behavior should be like this:

- when an admin user opens a console, only an another admin user can open this console (unless the VM is restarted)
- this behavior is enabled by default - you can disable it in edit VM dialog -> console tab -> advanced parameters -> disable strict user checking

@Andrei: can you confirm that this is the behavior?
Comment 5 Andrei Stepanov 2016-02-17 13:33:03 UTC 
Let us look at next scenario:

From the beginning the owner of console was an ordinary user. Also suppose that there is no active connection from user to the VM.
Admin decided to do some administrative task. Admin connects to running to VM. Admin does some administrative tasks, and leave VM running, closing console (remote-viewer). After this user cannot connect to VM. User sees message: "Setting VM ticket failed. Console of VM is currently being used by admin user." But, there is no active connection to VM from admin. Can you confirm that is correct and expected behaviour?
Comment 6 Michal Skrivanek 2016-02-17 13:41:57 UTC 
this is a correct behavior as per documentation of the Strict User Checking feature
Note You need to log in before you can comment on or make changes to this bug.