Bug 996512 - PRD35 - [RFE] Need API to 'unlock' a running VM when connecting to it through the REST API
PRD35 - [RFE] Need API to 'unlock' a running VM when connecting to it through...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-restapi (Show other bugs)
3.2.0
Unspecified Unspecified
unspecified Severity unspecified
: ---
: 3.5.0
Assigned To: Vinzenz Feenstra [evilissimo]
Artyom
virt
: FutureFeature, Improvement, Triaged
: 955261 (view as bug list)
Depends On: 1141541
Blocks: 1120927 rhev3.5beta 1156165
  Show dependency treegraph
 
Reported: 2013-08-13 06:29 EDT by Christophe Fergeau
Modified: 2015-06-30 02:29 EDT (History)
20 users (show)

See Also:
Fixed In Version: ovirt-engine-3.5.0_beta
Doc Type: Enhancement
Doc Text:
Users can now log in to a virtual machine (with guest agent installed) via the REST API, using the new 'logon' action. This functionality was already available in the UI. The Manager sends the login credentials to the guest agent, which starts a session of the guest operating system and unlocks the display.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-02-11 12:54:20 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
sherold: Triaged+


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 1281133 None None None Never
oVirt gerrit 28558 master MERGED restapi: Implement VmLogon Never

  None (edit)
Description Christophe Fergeau 2013-08-13 06:29:11 EDT
GNOME Boxes is using oVirt/RHEV REST API to get the SPICE connection credentials for VMs managed by an oVirt/RHEV instance.
When using the console from user portal/admin portal, if the rhev agent is running in the VM, the user is automatically logged into the desktop running into the VM (ie screen is unlocked, or GDM connection is done automatically).

I'd like to support this in Boxes, but I don't think it can directly talk to the rhev agent to achieve this, so having support for it in the REST API would be nice.
Comment 1 Itamar Heim 2013-08-13 08:34:48 EDT
I think we didn't expose the 'login' verb in the API as we were hoping spice would actually replace our SSO with spice based SSO...
Comment 2 Michal Skrivanek 2013-08-14 03:40:49 EDT
David, is SPICE based SSO still in the plan?
Comment 4 Christophe Fergeau 2013-09-10 03:31:25 EDT
(In reply to Andrew Cathrow from comment #3)
> Does boxes have a userid & password that they could pass to the VM?

Boxes needs the username/password used to connect to the oVirt web portal (to get access to the REST API). I don't know if this is what is needed.
Comment 6 Itamar Heim 2013-12-07 15:24:58 EST
the VmLogon command is called from user portal today.
michal - you will have to close this gap via the rest api anyway for porting the gui over the api...
Comment 8 Vinzenz Feenstra [evilissimo] 2014-06-11 04:58:06 EDT
Merged to u/s master as http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=commit;h=4b9afadae3d78cc6fdba9ce8b12738dce0715b46
Comment 9 Vinzenz Feenstra [evilissimo] 2014-06-11 06:49:45 EDT
This adds a new method

POST with empty payload to http://${ENGINE_FQDN}/api/vms/${VMID}/logon

POST /api/vms/${VMID}/logon HTTP/1.1
Host: ${ENGINE_FQDN}
Content-Type: application/json
Content-Length: 2

{}
Comment 10 Artyom 2014-07-17 08:45:26 EDT
Hi, can you please describe flow for this action?
I have vm with rhel or windows with guest agent(if SSO under vm must be enable/disable) I run it and it's coming to stage where I need to enter credentials, on this stage I can use logon action? And if yes, it use the same credentials as engine?
Thanks
Comment 11 Vinzenz Feenstra [evilissimo] 2014-07-30 07:25:15 EDT
(In reply to Artyom from comment #10)
> Hi, can you please describe flow for this action?
> I have vm with rhel or windows with guest agent(if SSO under vm must be
> enable/disable) I run it and it's coming to stage where I need to enter
> credentials, on this stage I can use logon action? And if yes, it use the
> same credentials as engine?
> Thanks

Well you have to setup the VM to be able to do SSO, by installing the required plugins. On Windows you use the RHEV Guest Tools iso and install simply everything (that's the default, as far as I know)

The VM of course must be connected to the same Auth Domain (e.g. Active Directory) or you have to have at least the same user/password combination when the VM is not joined to a Domain.

The first stage which has to work (for testing) is that you can use the UserPortal to automatically log you in to the guest VM, when this does not work, then you have a problem with your setup already.

Once that works you can now use the RestAPI to log you in on the VM as well.

HTH
Comment 12 Artyom 2014-08-03 10:30:54 EDT
I see that I need rhevm-guest-agent-pam-rhev-cred rhevm-guest-agent-gdm-plugin-rhevcred packages, but I can't found anything similar for ovirt, if we have this packages also for ovirt?
Thanks
Comment 13 Vinzenz Feenstra [evilissimo] 2014-08-04 02:59:10 EDT
(In reply to Artyom from comment #12)
> I see that I need rhevm-guest-agent-pam-rhev-cred
> rhevm-guest-agent-gdm-plugin-rhevcred packages, but I can't found anything
> similar for ovirt, if we have this packages also for ovirt?
> Thanks

I don't know where you get those names from however these are not correct and I have never encountered them. 

You would need to install rhevm-guest-agent-gdm-plugin and rhevm-guest-agent-pam-module
In case of EL5, which does not support SSO, those packages won't be present.
Comment 14 Artyom 2014-08-04 03:13:58 EDT
I take it from redhat documentation, but it old name I think.
Also packages rhevm-guest-agent-gdm-plugin and rhevm-guest-agent-pam-module not included in ovirt repos.
If I will take this packages from rhevm repos it will work also for ovirt 3.5?
Comment 15 Vinzenz Feenstra [evilissimo] 2014-08-04 03:31:35 EDT
Of course are they not in the oVirt repos... These are the RHEVM guest agents.
If you want to use the upstream guest agent then you need to install:

ovirt-guest-agent-common
ovirt-guest-agent-gdm-plugin
ovirt-guest-agent-pam-module
Comment 16 Gil Klein 2014-11-02 12:53:35 EST
Returning back to ASSIGNED cause QE is currently blocked due to BZ #1141541
Please return back to ON_QA when fix is provided
Comment 17 Michal Skrivanek 2014-11-03 09:17:01 EST
A separate bug marked as a blocker is enough, the verification of this bug indeed depends on it, however there's no reason to reopen the feature (well, yet:)
As per discussion in bug 1131541 the bits delivered here seem to work fine
Comment 18 Artyom 2014-11-04 04:25:51 EST
Moved to assign because this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1141541
Comment 19 Michal Skrivanek 2014-11-04 06:09:53 EST
see comment #17 (bug 1141541)
Comment 20 Artyom 2014-12-03 06:55:51 EST
Verified on rhevm-3.5.0-0.21.el6ev.noarch
Work with internal and also with ActiveDirectory domain.
Comment 22 errata-xmlrpc 2015-02-11 12:54:20 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0158.html
Comment 23 Michal Skrivanek 2015-06-30 02:29:46 EDT
*** Bug 955261 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.