Bug 1373077 - HE-VM's serial console is shown in shell, although it was not enabled via WEBUI
Summary: HE-VM's serial console is shown in shell, although it was not enabled via WEBUI
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: VMConsole
Version: 4.0.4
Hardware: x86_64
OS: Linux
unspecified
high vote
Target Milestone: ---
: ---
Assignee: Francesco Romani
QA Contact: meital avital
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-09-05 06:11 UTC by Nikolai Sednev
Modified: 2016-09-07 10:14 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-09-07 10:14:47 UTC
oVirt Team: Virt
rule-engine: planning_ack?
rule-engine: devel_ack?
rule-engine: testing_ack?

Attachments (Terms of Use)
HE-VM serial console was not enabled and not marked via WEBUI, but appears via the shell. (92.72 KB, image/png)
2016-09-05 06:12 UTC, Nikolai Sednev 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Nikolai Sednev 2016-09-05 06:11:09 UTC 
Description of problem:
Available Serial Consoles:
00 HostedEngine[2e3d7582-403a-434b-ace9-d96f933aa03a]
01 VM_RHCSA_1[ea2420e6-4eba-433f-a4cd-a7608e5a62a7]
02 VM_RHCSA_2[73a1cf15-d247-458e-8440-bd015ce58867]
03 WIN7[7ee2ab8f-2837-463e-9308-2609b0d0ab84]


Version-Release number of selected component (if applicable):
Engine:
ovirt-engine-lib-4.0.4-0.1.el7ev.noarch
ovirt-host-deploy-java-1.5.2-1.el7ev.noarch
ovirt-engine-webadmin-portal-debuginfo-4.0.4-0.1.el7ev.noarch
ovirt-engine-restapi-4.0.4-0.1.el7ev.noarch
ovirt-engine-sdk-python-3.6.8.0-1.el7ev.noarch
ovirt-engine-dashboard-1.0.3-1.el7ev.x86_64
ovirt-engine-setup-plugin-ovirt-engine-4.0.4-0.1.el7ev.noarch
ovirt-iso-uploader-4.0.1-1.el7ev.noarch
ovirt-engine-userportal-4.0.4-0.1.el7ev.noarch
ovirt-imageio-common-0.3.0-0.el7ev.noarch
ovirt-vmconsole-proxy-1.0.4-1.el7ev.noarch
ovirt-engine-setup-base-4.0.4-0.1.el7ev.noarch
ovirt-engine-setup-plugin-websocket-proxy-4.0.4-0.1.el7ev.noarch
ovirt-engine-setup-4.0.4-0.1.el7ev.noarch
ovirt-image-uploader-4.0.1-1.el7ev.noarch
ovirt-engine-dbscripts-4.0.4-0.1.el7ev.noarch
ovirt-engine-dwh-setup-4.0.2-1.el7ev.noarch
ovirt-engine-4.0.4-0.1.el7ev.noarch
ovirt-engine-dwh-4.0.2-1.el7ev.noarch
ovirt-imageio-proxy-setup-0.3.0-0.el7ev.noarch
ovirt-vmconsole-1.0.4-1.el7ev.noarch
ovirt-setup-lib-1.0.2-1.el7ev.noarch
ovirt-engine-setup-plugin-ovirt-engine-common-4.0.4-0.1.el7ev.noarch
ovirt-host-deploy-1.5.2-1.el7ev.noarch
ovirt-engine-vmconsole-proxy-helper-4.0.4-0.1.el7ev.noarch
ovirt-engine-userportal-debuginfo-4.0.4-0.1.el7ev.noarch
ovirt-engine-tools-backup-4.0.4-0.1.el7ev.noarch
ovirt-engine-webadmin-portal-4.0.4-0.1.el7ev.noarch
ovirt-engine-tools-4.0.4-0.1.el7ev.noarch
ovirt-engine-cli-3.6.8.1-1.el7ev.noarch
ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.0.4-0.1.el7ev.noarch
ovirt-log-collector-4.0.1-1.el7ev.noarch
python-ovirt-engine-sdk4-4.0.0-1.el7ev.x86_64
ovirt-engine-websocket-proxy-4.0.4-0.1.el7ev.noarch
ovirt-engine-extensions-api-impl-4.0.4-0.1.el7ev.noarch
ovirt-engine-backend-4.0.4-0.1.el7ev.noarch
ovirt-imageio-proxy-0.3.0-0.el7ev.noarch
ovirt-engine-extension-aaa-jdbc-1.1.0-1.el7ev.noarch
rhev-guest-tools-iso-4.0-5.el7ev.noarch
rhev-hypervisor7-7.2-20160209.2.bz1288237.el6ev.noarch
rhevm-setup-plugins-4.0.0.2-1.el7ev.noarch
rhev-release-4.0.4-1-001.noarch
rhevm-doc-4.0.0-3.el7ev.noarch
rhevm-guest-agent-common-1.0.12-3.el7ev.noarch
rhevm-branding-rhev-4.0.0-5.el7ev.noarch
rhev-release-4.0.2-9-001.noarch
rhevm-4.0.4-0.1.el7ev.noarch
rhevm-spice-client-x64-msi-4.0-3.el7ev.noarch
rhev-release-4.0.3-1-001.noarch
rhevm-spice-client-x86-msi-4.0-3.el7ev.noarch
rhevm-dependencies-4.0.0-1.el7ev.noarch
rhev-release-4.0.1-2-001.noarch
Linux version 3.10.0-327.36.1.el7.x86_64 (mockbuild.eng.bos.redhat.com) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC) ) #1 SMP Wed Aug 17 03:02:37 EDT 2016
Linux 3.10.0-327.36.1.el7.x86_64 #1 SMP Wed Aug 17 03:02:37 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux
Red Hat Enterprise Linux Server release 7.2 (Maipo)

Host:
ovirt-imageio-daemon-0.3.0-0.el7ev.noarch
mom-0.5.5-1.el7ev.noarch
rhevm-appliance-20160731.0-1.el7ev.noarch
ovirt-host-deploy-1.5.2-1.el7ev.noarch
ovirt-setup-lib-1.0.2-1.el7ev.noarch
ovirt-vmconsole-1.0.4-1.el7ev.noarch
ovirt-hosted-engine-ha-2.0.3-1.el7ev.noarch
ovirt-imageio-common-0.3.0-0.el7ev.noarch
qemu-kvm-rhev-2.3.0-31.el7_2.21.x86_64
libvirt-client-1.2.17-13.el7_2.5.x86_64
ovirt-vmconsole-host-1.0.4-1.el7ev.noarch
ovirt-engine-sdk-python-3.6.8.0-1.el7ev.noarch
ovirt-hosted-engine-setup-2.0.2-1.el7ev.noarch
sanlock-3.2.4-3.el7_2.x86_64
rhev-release-4.0.4-1-001.noarch
vdsm-4.18.12-1.el7ev.x86_64
Linux version 3.10.0-327.36.1.el7.x86_64 (mockbuild.eng.bos.redhat.com) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC) ) #1 SMP Wed Aug 17 03:02:37 EDT 2016
Linux 3.10.0-327.36.1.el7.x86_64 #1 SMP Wed Aug 17 03:02:37 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux
Red Hat Enterprise Linux Server release 7.2 (Maipo)


How reproducible:
100%

Steps to Reproduce:
1.Deploy HE over iSCSI.
2.Check for serial console availability using shell. 
3.

Actual results:
HE's VM is shown although it was not enabled.

Expected results:
HE's VM should not be shown if not enabled.

Additional info:
See screenshot as attached.
Comment 1 Nikolai Sednev 2016-09-05 06:12:55 UTC 
Created attachment 1197756 [details]
HE-VM serial console was not enabled and not marked via WEBUI, but appears via the shell.
Comment 2 Michal Skrivanek 2016-09-07 06:23:20 UTC 
I suppose the existence of serial console is intentional for HE. Not sure about permissions
Comment 3 Nikolai Sednev 2016-09-07 06:57:35 UTC 
(In reply to Michal Skrivanek from comment #2)
> I suppose the existence of serial console is intentional for HE. Not sure
> about permissions

I have not set permissions for HE-VM to get serial console allowed as I did for other 2 VMs, even though, HE-VM appears in shell.
HE-VM's default permissions that I see are:  	
SuperUser
UserProfileEditor

Guest-VM's exposed to serial console have permissions of:
UserVmManager
SuperUser
UserProfileEditor

The UserVmManager permission is a must for getting the VM shown in serial console's shell.
Comment 4 Michal Skrivanek 2016-09-07 07:01:55 UTC 
SuperUser as well (on the VM entity). Is that who you were connecting with?
Comment 5 Nikolai Sednev 2016-09-07 07:21:22 UTC 
(In reply to Michal Skrivanek from comment #4)
> SuperUser as well (on the VM entity). Is that who you were connecting with?

I think so. I see that only with SuperUser I'm getting the serial-console. Should've it been changed for UserVmManager, as the one and only permission for serial console?
Comment 6 Michal Skrivanek 2016-09-07 07:24:33 UTC 
(In reply to Nikolai Sednev from comment #5)
> (In reply to Michal Skrivanek from comment #4)
> > SuperUser as well (on the VM entity). Is that who you were connecting with?
> 
> I think so. I see that only with SuperUser I'm getting the serial-console.

Then it works correctly.

> Should've it been changed for UserVmManager, as the one and only permission
> for serial console?

Why? See bug 1320343

Is there still anything to look at from original description or we're all good now?
Comment 7 Nikolai Sednev 2016-09-07 08:29:45 UTC 
Sounds like my bug is actually not a bug at all, as not only UserVmManager permission is required, but UserInstanceManager or SuperUser are sufficient.
Please consider closing this one as not a bug.
Comment 8 Michal Skrivanek 2016-09-07 10:14:47 UTC 
ok. thanks
Note You need to log in before you can comment on or make changes to this bug.