zVM Cloud Connector

Call to revoke grant to vswitch at delete guest

Bug #1820072 reported by Herald ten Dam on 2019-03-14

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	zVM Cloud Connector	Fix Committed	Medium	Unassigned

Bug Description

Hi,

during a delete from a guest we got an error. We saw the next call:
{'errmsg': "SMUT request failed. RequestData: 'SMAPI CLDCONO1 API "
'Virtual_Network_Vswitch_Set_Extended --operands -k '
"switch_name=VSR1BHH -k revoke_userid=SLD505T -k
persist=YES', "

We didn't authorize this API because we use DNA for vswitches by defining NICDEF's inside the profile we include by making a user. By using DNA we don't need the grant anymore for a vswitch.

So I think the CC is based on the somewhat old fashioned method of granting/revoking.

I think CC must also think of going to use DNA for deployment of guests.

Greetings
Herald

Revision history for this message

jichenjc (jichenjc) wrote on 2019-03-15:

I assume you are talking about
https://www.ibm.com/support/knowledgecenter/en/SSB27U_7.1.0/com.ibm.zvm.v710.hcpa6/hcpa6dna.htm?

if yes, maybe we can use a config to control this behavior , default to true and you can set it to false as far as I know, the z/VM 7.1 added this feature and zcc still support 6.4 as well

Changed in python-zvm-sdk:
importance:	Undecided → Medium
status:	New → Confirmed

Revision history for this message

Herald ten Dam (damsteen) wrote on 2019-03-15:

That is the DNA, available since August 2017 on z/VM per APARs VM65925, VM65926, and VM65931.

My choice would be to use always DNA if it is ENABLED (QUERY VMLAN). It is much easier to handle, because only user directory needs to be updated, no other sets are necessary.

I think you should also take into account that by using DNA there are more options for the NICDEF for a guest for example VLAN. These parameters needs also be added to other functions for guests and vswitches.

Thanks in advance
Herald

Revision history for this message

jichenjc (jichenjc) wrote on 2019-03-18:

ok, first part should be much easier if we can use some command to query

the other part might take some time (VLAN etc), need check with document first and see what's eligible ..

Revision history for this message

jichenjc (jichenjc) wrote on 2019-03-26:

https://review.gerrithub.io/c/mfcloud/python-zvm-sdk/+/449148

jichenjc (jichenjc) on 2019-03-29

Changed in python-zvm-sdk:
status:	Confirmed → Fix Committed

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.