Bug 1320343 - VirtIO serial console is not working with SuperUser role.
Summary: VirtIO serial console is not working with SuperUser role.
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-vmconsole
Version: 3.6.3
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ovirt-4.0.0-rc
: 4.0.0
Assignee: Tomas Jelinek
QA Contact: Jiri Belka
URL:
Whiteboard:
Depends On: 1313904
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-03-22 22:44 UTC by Ameya Charekar
Modified: 2019-12-16 05:33 UTC (History)
7 users (show)

Fixed In Version: 4.0.0-12
Doc Type: Bug Fix
Doc Text:
Cause: The SuperUser role assigned to the user on a VM did not let the user to be able to use the VirtIO serial console. Consequence: If the user wanted to use the VirtIO serial console one of the UserVmManager or UserInstanceManager had to be assigned to the user. Fix: Made sure also the SuperUser will be considered Result: Now also the SuperUser is allowed to use the VirtIO serial console
Clone Of:
Environment:
Last Closed: 2016-08-30 07:48:29 UTC
oVirt Team: Virt
Target Upstream Version:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
oVirt gerrit 57737 0 master MERGED core: SuperUser can not use virtio serial console 2016-05-24 08:06:06 UTC

Description Ameya Charekar 2016-03-22 22:44:25 UTC 
Description of problem:
VirtIO serial console is not working with superuser role (tried with admin@internal).

Version-Release number of selected component (if applicable):

on rhevm:
ovirt-vmconsole-1.0.0-1.el6ev.noarch
ovirt-vmconsole-proxy-1.0.0-1.el6ev.noarch

on hypervisor:
ovirt-vmconsole-1.0.0-1.el7ev.noarch
ovirt-vmconsole-host-1.0.0-1.el7ev.noarch

How reproducible:
Always

Steps to Reproduce:
1. Enable VirtIO serial console.
2. Copy public key of the client machine.
3. ssh -t -p 2222 ovirt-vmconsole@MANAGER_IP.

Actual results:
ERROR: No available running VMs
Connection to MANAGER_IP closed.

Expected results:
We should get serial console with SuperUser role. As per documentation, to access the serial console of a virtual machine, the user must have the UserVmManager, SuperUser, or UserInstanceManager permission on that virtual machine.

Additional info:
Adding role UserVmManager resolves the issue.
Comment 1 Francesco Romani 2016-03-24 11:27:15 UTC 
We suspect an underlying role/permission management issue.
Could be related to https://bugzilla.redhat.com/show_bug.cgi?id=1313904
We will continue the investigation to pinpoint the root cause.
Comment 2 Yaniv Lavi 2016-05-09 11:04:49 UTC 
oVirt 4.0 Alpha has been released, moving to oVirt 4.0 Beta target.
Comment 5 Michal Skrivanek 2016-05-19 10:49:20 UTC 
Best would be to solve the "VM visibility problem" in console servlet, just so it behaves the same as the rest of the system
Comment 8 Jiri Belka 2016-08-11 09:25:10 UTC 
ok, ovirt-engine-4.0.2.4-0.1.el7ev.noarch

works for admin@internal and an AD user with both UserVmManager and UserInstanceManager roles (it needs UserProfileEditor role so the user could modify his profile, ie. to upload this public ssh key).
Comment 9 Jiri Belka 2016-08-11 09:28:18 UTC 
DocText is odd, there appears twice 'UserInstanceManager'.
Comment 10 Tomas Jelinek 2016-08-11 10:39:07 UTC 
right, the doc text was wrong - fixed. 

But the verification was not correct, both UserVmManager and UserInstanceManager roles worked also before. The issue was that also the SuperUser did not work, so also this role needs to be checked.
Comment 11 Jiri Belka 2016-08-11 11:12:50 UTC 
SuperUser works fine - admin@internal - but tested also with an AD user with this role too ;)
Note You need to log in before you can comment on or make changes to this bug.