Bug 1478339

Summary: capabilities of /usr/bin/ping got corrupted after upgrade from 4.1.2 async to 4.1.3
Product: [oVirt] ovirt-node
Reporter: RamaKasturi <knarra>
Component: Installation & Update
Assignee: Ryan Barry <rbarry>
Status: CLOSED CURRENTRELEASE
QA Contact: Yihui Zhao <yzhao>
Severity: high
Docs Contact:
Priority: unspecified
Version: 4.1
CC: bugs, cshao, dguo, huzhao, jiawu, obockows, qiyuan, weiwang, yaniwang, ycui, yzhao
Target Milestone: ovirt-4.1.4-1
Flags: rule-engine: ovirt-4.1?
ycui: testing_plan_complete?
knarra: planning_ack?
rbarry: devel_ack+
cshao: testing_ack+
Target Release: 4.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: imgbased-0.9.41-0.1.el7ev Doc Type: Bug Fix
Doc Text:
Cause: In order to make upgrades faster, RHV-H changed from using rsync to tar when syncing the new layer. Consequence: Though --xattrs was used, the suid bit was not synced on updating. Fix: RHV-H now syncs all extended attributes. Result: All extended attributes are properly set.
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-23 08:01:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Node RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1411323, 1485863    

Description RamaKasturi 2017-08-04 11:10:26 UTC
Description of problem:
Once RHV-H is upgraded from 4.1.2 async to 4.1.3, I see that the Hosted Engine HA score goes to 1800, and this is because the HA broker process does not have permissions to run the ping command.

After executing the following command on the host Hosted Engine score became 3400.

# chmod 4755 /usr/bin/ping

Version-Release number of selected component (if applicable):
imgbase w
2017-08-04 16:14:28,315 [INFO] You are on rhvh-4.1-0.20170706.0+1

[root@rhsqa-grafton4 ~]# cat /etc/os-release 
NAME="Red Hat Enterprise Linux"
VERSION="7.3"
VERSION_ID="7.3"
ID="rhel"
ID_LIKE="fedora"
VARIANT="Red Hat Virtualization Host"
VARIANT_ID="ovirt-node"
PRETTY_NAME="Red Hat Virtualization Host 4.1 (el7.3)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:7.3:GA:hypervisor"
HOME_URL="https://www.redhat.com/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

# FIXME
REDHAT_BUGZILLA_PRODUCT="Red Hat Virtualization"
REDHAT_BUGZILLA_PRODUCT_VERSION=7.3
REDHAT_SUPPORT_PRODUCT="Red Hat Virtualization"
REDHAT_SUPPORT_PRODUCT_VERSION=7.3


How reproducible:
Always

Steps to Reproduce:
1. Install RHHI using RHV-H 4.1.2 async ISO
2. Now upgrade RHV-H ISO to 4.1.3.
3.

Actual results:
Hosted Engine HA score changes to 1800 because the HA broker is not able to run the ping command.

Expected results:
Hosted engine HA score should be 3400 and /usr/bin/ping should have proper permissions.

Additional info:

Comment 1 Red Hat Bugzilla Rules Engine 2017-08-04 13:37:57 UTC
Target release should be placed once a package build is known to fix an issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for an oVirt release.

Comment 2 Yihui Zhao 2017-08-07 03:33:13 UTC
I can reproduce.

Test version:
iputils-20160308-8.el7.x86_64
imgbased-0.9.33-0.1.el7ev.noarch
4.1.2 async version:
rhvh-4.1-0.20170616.0
 +- rhvh-4.1-0.20170616.0+1
4.1.3 version:
rhvh-4.1-0.20170706.0
 +- rhvh-4.1-0.20170706.0+1

Test steps:
1. Install 4.1.2 async rhvh(0616).
2. Deploy HostedEngine
3. Add the additional two hosts to the cluster
4. Migrate HE-VM, upgrade rhvh to 4.1.3 version (0706)
5. Check HE status, agent.log

Actual results:
1. The metadata score changed to 1800; it was set to 3400 before the upgrade.
--== Host 1 status ==--

conf_on_shared_storage             : True
Status up-to-date                  : True
Hostname                           : dhcp-66-150-175.nay.redhat.com
Host ID                            : 1
Engine status                      : {"reason": "vm not running on this host", "health": "bad", "vm": "down", "detail": "unknown"}
Score                              : 1800
stopped                            : False
Local maintenance                  : False
crc32                              : 7454d657
local_conf_timestamp               : 3292
Host timestamp                     : 3277
Extra metadata (valid at timestamp):
	metadata_parse_version=1
	metadata_feature_version=1
	timestamp=3277 (Mon Aug  7 11:28:11 2017)
	host-id=1
	score=1800
	vm_conf_refresh_time=3292 (Mon Aug  7 11:28:26 2017)
	conf_on_shared_storage=True
	maintenance=False
	state=EngineDown
	stopped=False

2. /usr/bin/ping got corrupted:
[root@dell-per730-35 ~]# getcap /usr/bin/ping
[root@dell-per730-35 ~]# 


Additional info:
1. Reinstalling the package "iputils" can solve the problem.
[root@dell-per730-35 opt]# rpm -e iputils-20160308-8.el7.x86_64 --nodeps
[root@dell-per730-35 opt]# ls
iputils-20160308-8.el7.x86_64.rpm
[root@dell-per730-35 opt]# rpm -ivh iputils-20160308-8.el7.x86_64.rpm 
Preparing...                          ################################# [100%]
Updating / installing...
   1:iputils-20160308-8.el7           ################################# [100%]
[root@dell-per730-35 opt]# getcap /usr/bin/ping
/usr/bin/ping = cap_net_admin,cap_net_raw+p

Comment 3 Yihui Zhao 2017-08-09 03:06:48 UTC
Test version:
rhvh-4.1-0.20170808.0+1
imgbased-0.9.41-0.1.el7ev.noarch
ovirt-imageio-common-1.0.0-0.el7ev.noarch
cockpit-ovirt-dashboard-0.10.7-0.0.21.el7ev.noarch
python-ovirt-engine-sdk4-4.1.5-1.el7ev.x86_64
ovirt-setup-lib-1.1.3-1.el7ev.noarch
ovirt-vmconsole-1.0.4-1.el7ev.noarch
ovirt-vmconsole-host-1.0.4-1.el7ev.noarch
ovirt-node-ng-nodectl-4.1.4-0.20170726.0.el7.noarch
ovirt-imageio-daemon-1.0.0-0.el7ev.noarch
ovirt-hosted-engine-setup-2.1.3.5-1.el7ev.noarch
ovirt-engine-sdk-python-3.6.9.1-1.el7ev.noarch
ovirt-hosted-engine-ha-2.1.4-1.el7ev.noarch
ovirt-host-deploy-1.6.6-1.el7ev.noarch

Test steps:
1. Install RHVH(rhvh-4.0-0.20170307.0)
2. Upgrade to the latest RHVH(rhvh-4.1-0.20170808.0+1)
3. Check the ping function( getcap /usr/bin/ping)

Result:
After step 3, the capabilities of /usr/bin/ping did not get corrupted and ping works well.
[root@hp-dl385pg8-14 ~]# getcap /usr/bin/ping
/usr/bin/ping = cap_net_admin,cap_net_raw+p


So, change the bug's status to VERIFIED.
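
A follow-up check for the symptom in this bug, added here as an example and not part of the original report or of imgbased: it filters `rpm -V` output for files whose mode (setuid) or file capabilities no longer match the RPM database. The sample lines, the `example-helper` path and the `find_priv_drift` name are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): spot lost setuid bits or file
# capabilities after an image upgrade by reading `rpm -V` output.
# In the 9-character attribute string, position 2 is "M" when the mode
# (including setuid) differs and position 9 is "P" when capabilities differ.

# Constructed sample of `rpm -Va` output; the example-helper path is made up.
SAMPLE_VERIFY='........P    /usr/bin/ping
S.5....T.  c /etc/ssh/sshd_config
.M......P    /usr/sbin/example-helper
missing     /var/run/example.pid'

# Reads rpm verify output on stdin and prints "<M|-><P|-> <path>" for every
# file whose mode or capabilities no longer match the RPM database.
find_priv_drift() {
    awk '
        # Skip "missing" lines and anything that is not a 9-character attribute string
        length($1) != 9 { next }
        {
            mode = (substr($1, 2, 1) == "M")
            caps = (substr($1, 9, 1) == "P")
            if (!mode && !caps) next
            # The path starts at the first slash; a file-type marker such as "c" may precede it
            path = substr($0, index($0, "/"))
            printf "%s%s %s\n", (mode ? "M" : "-"), (caps ? "P" : "-"), path
        }'
}

# Stand-alone run on the constructed sample. On a real host:
#   rpm -Va | find_priv_drift
printf '%s\n' "$SAMPLE_VERIFY" | find_priv_drift
```

Run against a host after an upgrade, a `-P` line for /usr/bin/ping corresponds to the empty `getcap` output shown in Comment 2.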