Bug 1469561
Summary: | [GANESHA] Upgrade nfs-ganesha from 3.2 to 3.2 async is breaking due to selinux boolean ganesha_use_fusefs in off state | |||
---|---|---|---|---|
Product: | [Red Hat Storage] Red Hat Gluster Storage | Reporter: | Manisha Saini <msaini> | |
Component: | nfs-ganesha | Assignee: | Kaleb KEITHLEY <kkeithle> | |
Status: | CLOSED WONTFIX | QA Contact: | Manisha Saini <msaini> | |
Severity: | unspecified | Docs Contact: | ||
Priority: | unspecified | |||
Version: | rhgs-3.2 | CC: | amukherj, dang, jthottan, kkeithle, lvrabec, msaini, rcyriac, rhinduja, rhs-bugs, skoduri, storage-qa-internal | |
Target Milestone: | --- | Keywords: | ZStream | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Release Note | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1470040 1470136 (view as bug list) | Environment: | ||
Last Closed: | 2017-07-14 04:12:28 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1470040, 1470136 |
Description
Manisha Saini
2017-07-11 13:51:18 UTC
Fresh setup installation with 3.2 async works fine ganesha_use_fusefs boolean is set to on while doing gluster nfs-ganesha enable. # semanage boolean -l | grep ganesha ganesha_use_fusefs (on , on) Allow ganesha to use fusefs Issue is only observed in upgrade path This is what I think is happening during an update: According to the yum logs the system first had selinux-policy-targeted-3.13.1-102.el7_3.16. There is no ganesha_use_fusefs in this package. Then the system was updated to RHEL-7.4. glusterfs-ganesha was updated at 18:00:12. Then at 18:00:37 selinux-policy-targeted was updated to 3.13.1-166.el7. This has ganesha_use_fusefs. ganesha_use_fusefs still wasn't available when glusterfs-ganesha was updated so the semanage command (silently) failed. rpm only allows a 'Requires: selinux-policy-targeted >= NV'. I.e. NV = 3.13.1. It doesn't allow a 'Requires: selinux-policy-targeted >= NVR'. I.e. NVR = 3.13.1-166. Thus, for the purposes of upgrading, 3.13.1-102.el7_3.16 satisfies the Requires: but doesn't have the necessary ganesha_fuse_fusefs for the %post to work. Of course on a fresh install you will get the correct version of selinux-policy-targeted and everything works as expected. Off the top of my head the only way to force selinux-policy-targeted to be updated before glusterfs-ganesha is to explicitly update it first, before applying the rest of the update. IOW this has to be prominently documented in the Release Notes. Perhaps Lukas can suggest some trick to make selinux-policy-targeted update before glusterfs-ganesha? Kaleb, Yum update will pull all the packages all at once,ganesha and selinux packages. We cannot only update the selinux package first followed by ganesha package. However after upgrading both selinux and ganesha packages,we can document to enable this boolean manually before doing gluster nfs-ganesha enable. I will verify this steps manually too following the upgrade path. Need your opinion on this... I believe Lukas' suggestion of using the %trigger to run the semanage command after selinux-policy-targeted is updated will fix this. Verified the path from 3.2 to 3.2 async. After upgrade from 3.2 to 3.2 async, setting boolean ganesha_use_fusefs to ON manually before enabling ganesha,works fine. Raising the documentation bug for 3.2 async to set this boolean on manually after upgrade Raised the documentation bug for the same for 3.2 async- https://bugzilla.redhat.com/show_bug.cgi?id=1470146 |