Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1906394

Summary: websocket proxy service - [Errno 13] Permission denied
Product: Red Hat Enterprise Virtualization Manager Reporter: Michael Vollmer <mivollme>
Component: DocumentationAssignee: Steve Goodman <sgoodman>
Status: CLOSED CURRENTRELEASE QA Contact: Guilherme Santos <gdeolive>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.4.2CC: ahadas, ctomasko, didi, fromani, gdeolive, lsurette, mhicks, sgoodman, srevivo
Target Milestone: ovirt-4.4.6Keywords: Documentation, EasyFix, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-05-12 13:23:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Integration RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michael Vollmer 2020-12-10 12:27:48 UTC 
Description of problem:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/administration_guide/index#Replacing_the_Manager_CA_Certificate has a missing step.
In "Replacing the Red Hat Virtualization Manager Apache CA Certificate" step 8 we copy they certificate but don't check ownership nor permission.

Version-Release number of selected component (if applicable):
ovirt-engine-websocket-proxy-4.4.2.6-0.2.el8ev.noarch

How reproducible:
always

Steps to Reproduce:
1. follow the docs

Actual results:
- see that novnc console does not work (something went wrong)
- # journalctl -u ovirt-websocket-proxy.service|grep -i Errno
Dec 09 15:58:02 rhvm1.example.com ovirt-websocket-proxy.py[2136316]: ovirt-websocket-proxy[2137092] INFO msg:887 handler exception: [Errno 13] Permission denied
Dec 09 15:58:02 rhvm1.example.com ovirt-websocket-proxy.py[2136316]: ovirt-websocket-proxy[2137093] INFO msg:887 handler exception: [Errno 13] Permission denied


Expected results:
novnc console works and no errors in journalctl

Additional info: possible solutions to include in step 8:
1. chown root:ovirt /etc/pki/ovirt-engine/certs/apache.cer
OR
2. chmod 644 /etc/pki/ovirt-engine/certs/apache.cer
Comment 1 Yedidyah Bar David 2021-01-10 13:05:13 UTC 
(In reply to Michael Vollmer from comment #0)
> Additional info: possible solutions to include in step 8:
> 1. chown root:ovirt /etc/pki/ovirt-engine/certs/apache.cer
> OR
> 2. chmod 644 /etc/pki/ovirt-engine/certs/apache.cer

I agree. IMO we want _both_ (not "OR"). Should be after current step 8's command and before step 9 - can be inside step 8 or as a new step, I don't mind.

These commands might or might not be required, depending on your umask, etc., but I can't see a reason to not always include them.

Thanks!
Comment 2 Steve Goodman 2021-04-08 12:03:11 UTC 
I made some edits and merged the branch, but then I realized that this change requires QE verfication, so I created a new merge request with the changes:

https://gitlab.cee.redhat.com/rhci-documentation/docs-Red_Hat_Enterprise_Virtualization/-/merge_requests/1944
Comment 3 Steve Goodman 2021-04-25 13:23:13 UTC 
Gui,

Please verify that the procedure works as documented. See comment 2.
Comment 5 Steve Goodman 2021-05-18 06:38:44 UTC 
The changes requested have been merged into master and published. Comment 4 indicates that QE does not have resourced to verify the changes are in: https://gitlab.cee.redhat.com/rhci-documentation/docs-Red_Hat_Enterprise_Virtualization/-/merge_requests/1943