Bug 1378821

Summary: Controller replacement procedure fails during pcs cluster node add overcloud-controller-3: Disabling SBD failed
Product: Red Hat OpenStack Reporter: Marius Cornea <mcornea>
Component: rhosp-directorAssignee: Angus Thomas <athomas>
Status: CLOSED CURRENTRELEASE QA Contact: Omri Hochman <ohochman>
Severity: high Docs Contact:
Priority: unspecified    
Version: 10.0 (Newton)CC: dbecker, jschluet, mburns, mcornea, michele, morazi, rhel-osp-director-maint
Target Milestone: ---   
Target Release: 10.0 (Newton)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-10-12 13:43:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Marius Cornea 2016-09-23 10:35:19 UTC 
Description of problem:
Controller replacement procedure fails during pcs cluster node add overcloud-controller-3: Disabling SBD failed

Version-Release number of selected component (if applicable):
pcs-0.9.152-6.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Run controller replacement procedure

Actual results:
Fails while running pcs cluster node add overcloud-controller-3:

Disabling SBD service...
Error: overcloud-controller-3: Disabling SBD failed


Expected results:


Additional info:
This issue has been addressed by BZ#1372054 and it's fixed in pcs-0.9.152-8.el7.x86_64. I filed this BZ so we make sure to include this version in the overcloud image.
Comment 2 Jon Schlueter 2016-09-23 11:46:08 UTC 
This was seen in CI logs for different job but might be related

type=USER_AVC msg=audit(1474554603.513:155): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { disable } for auid=n/a uid=0 gid=0 cmdline="systemctl disable sbd.service" scontext=system_u:system_r:cluster_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=service  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
Comment 3 Michele Baldessari 2016-09-23 12:04:37 UTC 
I can confirm that in rhel-7.3 we will have pcs-0.9.152-10 or newer, so we should be good here (mcornea tested with -8 and it was okay)
Comment 4 Michele Baldessari 2016-09-23 12:30:58 UTC 
(In reply to Jon Schlueter from comment #2)
> This was seen in CI logs for different job but might be related
> 
> type=USER_AVC msg=audit(1474554603.513:155): pid=1 uid=0 auid=4294967295
> ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { disable
> } for auid=n/a uid=0 gid=0 cmdline="systemctl disable sbd.service"
> scontext=system_u:system_r:cluster_t:s0 tcontext=system_u:system_r:init_t:s0
> tclass=service  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=?
> terminal=?'

Which version of selinux-policy and openstack-selinux was installed at the time of the message? Also can you reproduce it with a newer pcs version? (i.e. pcs-0.9.152-10 or newer). If you can reproduce with a newer version we definitely want to look into it
Comment 6 Michele Baldessari 2016-10-12 13:41:42 UTC 
# wget http://rhos-release.virt.bos.redhat.com/ci-images/rhos-10/2016-10-07.4/overcloud-full.tar

# tar xf overcloud-full.tar 
# virt-customize -a overcloud-full.qcow2 --run-command 'rpm -qa > /tmp/rpm.txt'
# virt-copy-out -a overcloud-full.qcow2 /tmp/rpm.txt .
# grep pcs- rpm.txt
pcs-0.9.152-10.el7.x86_64


Marius, okay to close this since new pcs is in a recent overcloud image?