1435088 – [Upgrade] Auto-Import of HostedEngine VM fails due to missing CPU Profile Permissions

Bug 1435088 - [Upgrade] Auto-Import of HostedEngine VM fails due to missing CPU Profile Permissions

Summary: [Upgrade] Auto-Import of HostedEngine VM fails due to missing CPU Profile Per...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine
Sub Component:
Version:	3.6.10
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	medium
Target Milestone:	ovirt-4.1.2
Target Release:	---
Assignee:	Andrej Krejcir
QA Contact:	Nikolai Sednev
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1439240
TreeView+	depends on / blocked

Reported:	2017-03-23 05:59 UTC by Germano Veit Michel
Modified:	2020-05-14 15:49 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Previously, CPU profile permissions were checked even if the command to import a self-hosted engine virtual machine was run internally. If the CPU profile in the cluster did not have permissions for 'Everyone', the import would fail. This updated disables permission checking if the command is called internally.
Clone Of:
Clones:	1439240 (view as bug list)
Environment:
Last Closed:	2017-05-24 11:22:26 UTC
oVirt Team:	SLA
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Knowledge Base (Solution)	2978821	None	None	None	2017-03-23 06:00:29 UTC
Red Hat Product Errata	RHEA-2017:1280	normal	SHIPPED_LIVE	Red Hat Virtualization Manager (ovirt-engine) 4.1.2	2017-05-24 15:18:48 UTC
oVirt gerrit	74908	master	MERGED	core: Ignore cpu profile premissions for internal commands	2017-04-05 13:38:37 UTC
oVirt gerrit	75140	ovirt-engine-4.1	MERGED	core: Ignore cpu profile premissions for internal commands	2017-04-05 14:56:22 UTC
oVirt gerrit	75141	ovirt-engine-4.0	ABANDONED	core: Ignore cpu profile premissions for internal commands	2017-04-04 15:12:26 UTC
oVirt gerrit	75142	ovirt-engine-3.6	MERGED	core: Ignore cpu profile premissions for internal commands	2017-04-05 14:53:42 UTC

Description Germano Veit Michel 2017-03-23 05:59:36 UTC

Description of problem:

Initially I saw this on one of out test labs and thought it was just us messing around with every single option available. But now I saw it again.

CanDoAction of ImportVm during the Auto-Import of HE VM ends up calling assignFirstCpuProfile(). And in case the the Cluster the HE VM is being imported to is missing the permissions for CpuProfileOperator, the canDo validation fails and the HostedEngine VM is not imported with ACTION_TYPE_CPU_PROFILE_EMPTY. 

See:

2017-03-21 14:41:20,149 WARN  [org.ovirt.engine.core.bll.ImportVmCommand] (org.ovirt.thread.pool-6-thread-19) [] CanDoAction of action 'ImportVm' failed for user SYSTEM. Reasons: VAR__ACTION__IMPORT,VAR__TYPE__VM,ACTION_TYPE_CPU_PROFILE_EMPTY

2017-03-21 14:41:20,149 ERROR [org.ovirt.engine.core.bll.HostedEngineImporter] (org.ovirt.thread.pool-6-thread-19) [] Failed importing the Hosted Engine VM

And it keeps looping like this forever.

In both occurrences I saw the Cluster the HE VM is being imported to is not the Default one and is missing the CpuProfileOperator permission role, so HE Auto-Import fails.

Common Ground:
- Both were upgraded from 3.5
- Both have custom (user created) Clusters in which the HE runs (not Default name)
- Cluster already existed in 3.5

From what I can see CpuProfileOperator was introduced in 3.6.

Case 1 (ticket):
* 3.5 to 3.6 Upgrade
* Cluster the HE VM supposed to be imported already existed pre upgrade to 3.6

Case 2 (labs):
* 4.0 Standalone to 4.0 SHE Migration
* this has been upgraded all the way from early RHV 3.x
* Cluster HE VM was supposed to be imported to was definitely created pre-3.6

Version-Release number of selected component (if applicable):
rhevm-3.6.10.2-0.2.el6.noarch

How reproducible:
Not sure

More information:
* Shouldn't the HE VM Auto-Import process ensure the CpuProfile roles are in the cluster it's trying to import the VM to?
* Shouldn't these permissions be added to all clusters that are upgraded to 3.6? I can only see it added to the 'Default' cluster, not the user created cluster that runs HE.

Comment 6 Nikolai Sednev 2017-04-26 13:32:38 UTC

Worked for me for latest 4.1, just like https://bugzilla.redhat.com/show_bug.cgi?id=1439240#c7 did.
Moving to verified.

Comment 8 errata-xmlrpc 2017-05-24 11:22:26 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1280

Note You need to log in before you can comment on or make changes to this bug.