Bug 1691933 - /etc/sudoers.d/50_vdsm_hook_ovirt_provider_ovn_hook is missing the commands of ovirt_provider_ovn_vhostuser_hook
Summary: /etc/sudoers.d/50_vdsm_hook_ovirt_provider_ovn_hook is missing the commands o...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-provider-ovn
Classification: oVirt
Component: driver
Version: 1.2.7
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: ovirt-4.3.7
: 1.2.25
Assignee: Andrej Cernek
QA Contact: msheena
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-03-22 21:00 UTC by Dominik Holler
Modified: 2019-11-21 12:44 UTC (History)
7 users (show)

Fixed In Version: ovirt-provider-ovn-1.2.25
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-11-21 12:44:33 UTC
oVirt Team: Network
sbonazzo: ovirt-4.3?


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
oVirt gerrit 101820 0 master MERGED fix sudoers file for vdsm-hook 2019-07-17 10:50:38 UTC

Description Dominik Holler 2019-03-22 21:00:27 UTC
Description of problem:
ovirt_provider_ovn_vhostuser_hook.py and delete_vhostuserclient_hook.py calls `sudo ovs-vsctl`, but this is not allowed by the suders file.


Steps to Reproduce:
1. Uninstall vdsm-hook-openstacknet on a host
2. Start a VM with an ovn network on this host

Actual results:
Starting VM fails with:
 INFO  (vm/e54f8a2d) [root] /usr/libexec/vdsm/hooks/before_device_create/20_ovirt_provider_ovn_vhostuser_hook: rc=1 err=Traceback (most recent call last):
  File "/usr/libexec/vdsm/hooks/before_device_create/20_ovirt_provider_ovn_vhostuser_hook", line 134, in <module>
    main()
  File "/usr/libexec/vdsm/hooks/before_device_create/20_ovirt_provider_ovn_vhostuser_hook", line 120, in main
    if not is_netdev_datapath():
  File "/usr/libexec/vdsm/hooks/before_device_create/20_ovirt_provider_ovn_vhostuser_hook", line 110, in is_netdev_datapath
    data, headings = list_ovs_table('bridge')
  File "/usr/libexec/vdsm/hooks/before_device_create/20_ovirt_provider_ovn_vhostuser_hook", line 42, in list_ovs_table
    exec_cmd('ovs-vsctl', '--format=json', 'list', table)[0]
  File "/usr/libexec/vdsm/hooks/before_device_create/20_ovirt_provider_ovn_vhostuser_hook", line 36, in exec_cmd
    (args, err))
RuntimeError: Failed to execute ('ovs-vsctl', '--format=json', 'list', 'bridge'), due to: ['sudo: a password is required']
 (hooks:114)

Expected results:
VM starts

Additional info:

Comment 1 msheena 2019-08-04 12:33:31 UTC
Verified with
==============
ovirt-engine-4.3.6-0.1.el7.noarch
ovirt-provider-ovn-1.2.25-1.el7ev.noarch

rhv-openvswitch-2.11-5.el7ev.noarch
rhv-python-openvswitch-2.11-5.el7ev.noarch
openvswitch2.11-2.11.0-9.el7fdp.x86_64

Comment 2 Dominik Holler 2019-09-04 06:48:50 UTC
Changing target milestone because bug 1744235 blocks 1.2.25 being part of ovirt-4.3.6.

Comment 6 Sandro Bonazzola 2019-11-21 12:44:33 UTC
This bugzilla is included in oVirt 4.3.7 release, published on November 21st 2019.

Since the problem described in this bug report should be
resolved in oVirt 4.3.7 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.