1459242 – Unable to Add provider running on SSL (with validation)

Bug 1459242 - Unable to Add provider running on SSL (with validation)

Summary: Unable to Add provider running on SSL (with validation)

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat CloudForms Management Engine
Classification:	Red Hat
Component:	Providers
Sub Component:
Version:	5.8.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	GA
Target Release:	cfme-future
Assignee:	John Mazzitelli
QA Contact:	Prachi
Docs Contact:
URL:
Whiteboard:	middleware:provider
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-06-06 15:36 UTC by Prachi
Modified:	2018-01-05 23:48 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-01-04 15:36:09 UTC
Category:	Bug
Cloudforms Team:	Middleware
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Screen-shot of validating provider (140.59 KB, image/png) 2017-06-06 15:36 UTC, Prachi	no flags	Details
CFME logs (949.80 KB, application/zip) 2017-06-07 16:40 UTC, Prachi	no flags	Details
View All

Description Prachi 2017-06-06 15:36:10 UTC

Created attachment 1285458 [details]
Screen-shot of validating provider

Description of problem: Unable to Add provider running on SSL (with validation). CFME is not validating the provider.


Version-Release number of selected component (if applicable): 5.8.0.17.20170525183055_6317a22 


How reproducible:


Steps to Reproduce:
1. Install HS using SSL (no clear document how to do this)
*************************************
Create key file and pem file

1) mkdir /client-secrets and run below command inside this directory
2) openssl genrsa -out hawkular-services-private.key 2048
3) openssl req -new -sha256 -key hawkular-services-private.key -out csr.csr
4)openssl req -x509 -sha256 -days 365 -key hawkular-services-private.key -in csr.csr -out hawkular-services-public.pem

Start Casandra:

docker run --name hawkular-cassandra -d -e CASSANDRA_START_RPC=true  brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/jboss-mm-7-tech-preview/middleware-manager-datastore

Start Hawkular server:

 docker run -d --link=hawkular-cassandra -e HAWKULAR_USER=jdoe -e HAWKULAR_PASSWORD=password -e CASSANDRA_NODES=hawkular-cassandra -e HAWKULAR_BACKEND=remote -e DB_TIMEOUT=300 -e CASSANDRA_CONNECT_TIMEOUT=40000 -e CASSANDRA_READ_TIMEOUT=40000 -e CASSANDRA_REQUEST_TIMEOUT=40000 -e HAWKULAR_USE_SSL=true -p 8443:8443 -p 9990:9990 -v /client-secrets:/client-secrets  brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/jboss-mm-7-tech-preview/middleware-manager:7.0.0-16

*************************************

2. Access https://<IP:8443>, should accessible
3. Login to CFME
4. Add Middleware provider
5. Select "Security protocol" "SSL"
6. Select IP and port=8443
7. Validate

Actual results: Validation failed


Expected results: Validation Successful


Additional info:

No document is available how it works and how it should be setup

Comment 2 Alissa 2017-06-07 11:16:52 UTC

Prachi, please attach miq logs with detailed exception. thank you

Comment 3 Prachi 2017-06-07 16:05:49 UTC

CFME logs while validating HS using SSL

***********************************
[----] I, [2017-06-07T12:01:20.782036 #5739:b1713c]  INFO -- : MIQ(MiqQueue.put) Message id: [80896],  id: [], Zone: [default], Role: [smartstate], Server: [], Ident: [generic], Target id: [], Instance id: [], Task id: [job_dispatcher], Command: [JobProxyDispatcher.dispatch], Timeout: [600], Priority: [20], State: [ready], Deliver On: [], Data: [], Args: []
[----] E, [2017-06-07T12:01:21.420943 #5801:14d1434] ERROR -- : SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (RestClient::SSLCertificateNotVerified)
/opt/rh/cfme-gemset/gems/rest-client-2.0.2/lib/restclient/request.rb:758:in `rescue in transmit'
/opt/rh/cfme-gemset/gems/rest-client-2.0.2/lib/restclient/request.rb:647:in `transmit'
/opt/rh/cfme-gemset/gems/rest-client-2.0.2/lib/restclient/request.rb:145:in `execute'
/opt/rh/cfme-gemset/gems/rest-client-2.0.2/lib/restclient/request.rb:52:in `execute'
/opt/rh/cfme-gemset/gems/rest-client-2.0.2/lib/restclient/resource.rb:51:in `get'
/opt/rh/cfme-gemset/gems/hawkular-client-3.0.1/lib/hawkular/base_client.rb:41:in `http_get'
/opt/rh/cfme-gemset/gems/hawkular-client-3.0.1/lib/hawkular/inventory/inventory_api.rb:298:in `fetch_version_and_status'
/opt/rh/cfme-gemset/gems/hawkular-client-3.0.1/lib/hawkular/inventory/inventory_api.rb:28:in `initialize'
/opt/rh/cfme-gemset/gems/hawkular-client-3.0.1/lib/hawkular/hawkular_client.rb:35:in `new'
/opt/rh/cfme-gemset/gems/hawkular-client-3.0.1/lib/hawkular/hawkular_client.rb:35:in `inventory'
/var/www/miq/vmdb/app/models/manageiq/providers/hawkular/middleware_manager.rb:37:in `verify_credentials'
/var/www/miq/vmdb/app/models/mixins/authentication_mixin.rb:326:in `authentication_check_no_validation'
/var/www/miq/vmdb/app/models/mixins/authentication_mixin.rb:304:in `authentication_check'
/opt/rh/cfme-gemset/bundler/gems/manageiq-ui-classic-1048ffdbd63f/app/controllers/mixins/ems_common_angular.rb:58:in `update_ems_button_validate'
/opt/rh/cfme-gemset/bundler/gems/manageiq-ui-classic-1048ffdbd63f/app/controllers/mixins/ems_common_angular.rb:105:in `create_ems_button_validate'
/opt/rh/cfme-gemset/bundler/gems/manageiq-ui-classic-1048ffdbd63f/app/controllers/mixins/ems_common_angular.rb:76:in `create'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_controller/metal/basic_implicit_render.rb:4:in `send_action'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/abstract_controller/base.rb:188:in `process_action'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_controller/metal/rendering.rb:30:in `process_action'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/abstract_controller/callbacks.rb:20:in `block in process_action'
/opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/callbacks.rb:126:in `call'
/opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/callbacks.rb:506:in `block (2 levels) in compile'
/opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/callbacks.rb:455:in `call'
/opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/callbacks.rb:101:in `__run_callbacks__'
/opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/callbacks.rb:750:in `_run_process_action_callbacks'
/opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/callbacks.rb:90:in `run_callbacks'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/abstract_controller/callbacks.rb:19:in `process_action'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_controller/metal/rescue.rb:20:in `process_action'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'
/opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/notifications.rb:164:in `block in instrument'
/opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/notifications/instrumenter.rb:21:in `instrument'
/opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/notifications.rb:164:in `instrument'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_controller/metal/instrumentation.rb:30:in `process_action'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_controller/metal/params_wrapper.rb:248:in `process_action'
/opt/rh/cfme-gemset/gems/activerecord-5.0.3/lib/active_record/railties/controller_runtime.rb:18:in `process_action'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/abstract_controller/base.rb:126:in `process'
/opt/rh/cfme-gemset/gems/actionview-5.0.3/lib/action_view/rendering.rb:30:in `process'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_controller/metal.rb:190:in `dispatch'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_controller/metal.rb:262:in `dispatch'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/routing/route_set.rb:50:in `dispatch'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/routing/route_set.rb:32:in `serve'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/journey/router.rb:39:in `block in serve'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/journey/router.rb:26:in `each'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/journey/router.rb:26:in `serve'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/routing/route_set.rb:725:in `call'
/opt/rh/cfme-gemset/gems/secure_headers-3.0.3/lib/secure_headers/middleware.rb:10:in `call'
/opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/etag.rb:25:in `call'
/opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/conditional_get.rb:38:in `call'
/opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/head.rb:12:in `call'
/opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/session/abstract/id.rb:232:in `context'
/opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/session/abstract/id.rb:226:in `call'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/middleware/cookies.rb:613:in `call'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/middleware/callbacks.rb:38:in `block in call'
/opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/callbacks.rb:97:in `__run_callbacks__'
/opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/callbacks.rb:750:in `_run_call_callbacks'
/opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/callbacks.rb:90:in `run_callbacks'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/middleware/callbacks.rb:36:in `call'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/middleware/remote_ip.rb:79:in `call'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/middleware/debug_exceptions.rb:49:in `call'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/middleware/show_exceptions.rb:31:in `call'
/opt/rh/cfme-gemset/gems/railties-5.0.3/lib/rails/rack/logger.rb:36:in `call_app'
/opt/rh/cfme-gemset/gems/railties-5.0.3/lib/rails/rack/logger.rb:26:in `call'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/middleware/request_id.rb:24:in `call'
/opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/method_override.rb:22:in `call'
/opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/runtime.rb:22:in `call'
/opt/rh/cfme-gemset/gems/activesupport-5.0.3/lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
/opt/rh/cfme-gemset/gems/actionpack-5.0.3/lib/action_dispatch/middleware/executor.rb:12:in `call'
/opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/sendfile.rb:111:in `call'
/opt/rh/cfme-gemset/gems/railties-5.0.3/lib/rails/engine.rb:522:in `call'
/opt/rh/rh-ruby23/root/usr/share/gems/gems/puma-3.3.0/lib/puma/configuration.rb:224:in `call'
/opt/rh/rh-ruby23/root/usr/share/gems/gems/puma-3.3.0/lib/puma/server.rb:561:in `handle_request'
/opt/rh/rh-ruby23/root/usr/share/gems/gems/puma-3.3.0/lib/puma/server.rb:406:in `process_client'
/opt/rh/rh-ruby23/root/usr/share/gems/gems/puma-3.3.0/lib/puma/server.rb:271:in `block in run'
/opt/rh/rh-ruby23/root/usr/share/gems/gems/puma-3.3.0/lib/puma/thread_pool.rb:111:in `block in spawn_thread'
[----] W, [2017-06-07T12:01:21.421342 #5801:14d1434]  WARN -- : MIQ(ManageIQ::Providers::Hawkular::MiddlewareManager#authentication_check_no_validation) type: ["default"] for [] [hawkular-SSL] Validation failed: error, Unable to verify credentials
[----] E, [2017-06-07T12:01:21.421514 #5801:14d1434] ERROR -- : MIQ(ems_middleware_controller-create): Credential validation was not successful: Unable to verify credentials

***********************************

Comment 4 Prachi 2017-06-07 16:37:40 UTC

1) Is hawkular configured ok on ssl?

Able to access Hawkular on IP:8443 but do not have documented command so that we can confirm if the steps followed are correct and it is working as expected.
Steps already described in description. However, Hawkular agent is also not connecting to server.

2) the issue is in miq side not able to validate/connect to it? Or both?

AS per above logs we can see that MIQ is not validating HS and giving error.

Comment 5 Prachi 2017-06-07 16:40:43 UTC

Created attachment 1285839 [details]
CFME logs

Note You need to log in before you can comment on or make changes to this bug.