DescriptionGermano Veit Michel
2018-02-07 06:19:42 UTC
+++ This bug was initially created as a clone of Bug #1519784 +++
Description of problem:
If SELINUX is disabled, upgrade of node fails.
Version-Release number of selected component (if applicable):
4.1.1.1
How reproducible:
Always
Steps to Reproduce:
1. Install oVirt Node
2. Disable SELINUX
3. Try to upgrade oVirt Node
Actual results:
Upgrade fails
###
2017-11-28 17:25:28,372 [DEBUG] (MainThread) Returned:
2017-11-28 17:25:28,434 [DEBUG] (MainThread) Creating /home as {'attach': True, 'size': '1G'}
2017-11-28 17:25:28,434 [DEBUG] (MainThread) Calling binary: (['vgs', '--noheadings', '@imgbased:volume', '-o', 'lv_full_name'],) {'stderr': <open file '/dev/null', mode 'w' at 0x7fa2d1ad8ed0>}
2017-11-28 17:25:28,434 [DEBUG] (MainThread) Calling: (['vgs', '--noheadings', '@imgbased:volume', '-o', 'lv_full_name'],) {'close_fds': True, 'stderr': <open file '/dev/null', mode 'w' at 0x7fa2d1ad8ed0>}
2017-11-28 17:25:28,533 [DEBUG] (MainThread) Returned: onn/home
onn/tmp
onn/var_log
onn/var_log_audit
2017-11-28 17:25:28,533 [DEBUG] (MainThread) Calling binary: (['umount', '-l', '/etc'],) {}
2017-11-28 17:25:28,534 [DEBUG] (MainThread) Calling: (['umount', '-l', '/etc'],) {'close_fds': True, 'stderr': -2}
2017-11-28 17:25:28,539 [DEBUG] (MainThread) Returned:
2017-11-28 17:25:28,540 [DEBUG] (MainThread) Calling binary: (['umount', '-l', u'/tmp/mnt.tuHU8'],) {}
2017-11-28 17:25:28,540 [DEBUG] (MainThread) Calling: (['umount', '-l', u'/tmp/mnt.tuHU8'],) {'close_fds': True, 'stderr': -2}
2017-11-28 17:25:28,635 [DEBUG] (MainThread) Returned:
2017-11-28 17:25:28,635 [DEBUG] (MainThread) Calling binary: (['rmdir', u'/tmp/mnt.tuHU8'],) {}
2017-11-28 17:25:28,635 [DEBUG] (MainThread) Calling: (['rmdir', u'/tmp/mnt.tuHU8'],) {'close_fds': True, 'stderr': -2}
2017-11-28 17:25:28,640 [DEBUG] (MainThread) Returned:
2017-11-28 17:25:28,641 [ERROR] (MainThread) Failed to migrate etc
Traceback (most recent call last):
File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/plugins/osupdater.py", line 109, in on_new_layer
check_nist_layout(imgbase, new_lv)
File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/plugins/osupdater.py", line 179, in check_nist_layout
v.create(t, paths[t]["size"], paths[t]["attach"])
File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/volume.py", line 48, in create
"Path is already a volume: %s" % where
AssertionError: Path is already a volume: /home
2017-11-28 17:25:28,642 [DEBUG] (MainThread) Calling binary: (['umount', '-l', u'/tmp/mnt.bEW2k'],) {}
2017-11-28 17:25:28,642 [DEBUG] (MainThread) Calling: (['umount', '-l', u'/tmp/mnt.bEW2k'],) {'close_fds': True, 'stderr': -2}
2017-11-28 17:25:29,061 [DEBUG] (MainThread) Returned:
2017-11-28 17:25:29,061 [DEBUG] (MainThread) Calling binary: (['rmdir', u'/tmp/mnt.bEW2k'],) {}
2017-11-28 17:25:29,061 [DEBUG] (MainThread) Calling: (['rmdir', u'/tmp/mnt.bEW2k'],) {'close_fds': True, 'stderr': -2}
2017-11-28 17:25:29,067 [DEBUG] (MainThread) Returned:
2017-11-28 17:25:29,067 [DEBUG] (MainThread) Calling binary: (['umount', '-l', u'/tmp/mnt.UB5Yg'],) {}
2017-11-28 17:25:29,067 [DEBUG] (MainThread) Calling: (['umount', '-l', u'/tmp/mnt.UB5Yg'],) {'close_fds': True, 'stderr': -2}
2017-11-28 17:25:29,625 [DEBUG] (MainThread) Returned:
2017-11-28 17:25:29,625 [DEBUG] (MainThread) Calling binary: (['rmdir', u'/tmp/mnt.UB5Yg'],) {}
2017-11-28 17:25:29,626 [DEBUG] (MainThread) Calling: (['rmdir', u'/tmp/mnt.UB5Yg'],) {'close_fds': True, 'stderr': -2}
2017-11-28 17:25:29,631 [DEBUG] (MainThread) Returned:
Traceback (most recent call last):
File "/usr/lib64/python2.7/runpy.py", line 162, in _run_module_as_main
"__main__", fname, loader, pkg_name)
File "/usr/lib64/python2.7/runpy.py", line 72, in _run_code
exec code in run_globals
File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/__main__.py", line 53, in <module>
CliApplication()
File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/__init__.py", line 82, in CliApplication
app.hooks.emit("post-arg-parse", args)
File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/hooks.py", line 120, in emit
cb(self.context, *args)
File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/plugins/update.py", line 56, in post_argparse
base_lv, _ = LiveimgExtractor(app.imgbase).extract(args.FILENAME)
File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/plugins/update.py", line 118, in extract
"%s" % size, nvr)
File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/plugins/update.py", line 99, in add_base_with_tree
new_layer_lv = self.imgbase.add_layer(new_base)
File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/imgbase.py", line 191, in add_layer
self.hooks.emit("new-layer-added", prev_lv, new_lv)
File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/hooks.py", line 120, in emit
cb(self.context, *args)
File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/plugins/osupdater.py", line 123, in on_new_layer
raise ConfigMigrationError()
imgbased.plugins.osupdater.ConfigMigrationError
$semanage permissive -a setfiles_t
SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.30, searching for an older version.
SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.30: No such file or directory
/sbin/load_policy: Can't load policy: No such file or directory
libsemanage.semanage_reload_policy: load_policy returned error code 2. (No such file or directory).
SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.30, searching for an older version.
SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.30: No such file or directory
/sbin/load_policy: Can't load policy: No such file or directory
libsemanage.semanage_reload_policy: load_policy returned error code 2. (No such file or directory).
OSError: No such file or directory
###
Expected results:
Upgrade / Update should work
Additional info:
--- Additional comment from Ryan Barry on 2017-12-01 08:14:27 EST ---
The traceback here is misleading. Please remove the NIST LVs before attempting to upgrade again.
Why is selinux disabled? We can patch around this by checking in SELinuxContext, but oVirt Node runs without problems with SELinux enabled.
--- Additional comment from Kilian Ries on 2017-12-01 09:58:26 EST ---
Yes that is right, it was not the right imgbased-log. I have another one where i removed the LVs before upgrade.
SELINUX is disabled because of a third party package which i installed via yum (wich is not compatible with SELINUX) ...
--- Additional comment from Huijuan Zhao on 2017-12-04 03:37:59 EST ---
QE can reproduce this issue.
Test version:
From: ovovirt-node-ng-installer-ovirt-4.1-pre-2017101110.iso
To: ovirt-node-ng-image-update-4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos.noarch.rpm
Test steps:
1. Install ovovirt-node-ng-installer-ovirt-4.1-pre-2017101110.iso
2. Disable selinux
# getenforce
Disabled
3. Upgrade ovirt-node to ovovirt-node-ng-image-update-4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos.noarch.rpm
Actual results:
After step3, upgrade failed.
# yum install ovirt-node to ovovirt-node-ng-image-update-4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos.noarch.rpm
...
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : ovirt-node-ng-image-update-4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos.noarch 1/2
warning: %post(ovirt-node-ng-image-update-4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos.noarch) scriptlet failed, exit status 1
Non-fatal POSTIN scriptlet failure in rpm package ovirt-node-ng-image-update-4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos.noarch
Erasing : ovirt-node-ng-image-update-placeholder-4.1.7-0.3.rc3.20171010112718.git2411e97.el7.centos.noarch 2/2
Verifying : ovirt-node-ng-image-update-4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos.noarch 1/2
Verifying : ovirt-node-ng-image-update-placeholder-4.1.7-0.3.rc3.20171010112718.git2411e97.el7.centos.noarch 2/2
Installed:
ovirt-node-ng-image-update.noarch 0:4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos
Replaced:
ovirt-node-ng-image-update-placeholder.noarch 0:4.1.7-0.3.rc3.20171010112718.git2411e97.el7.centos
Complete!
Expected results:
After step3, can upgrade successful.
--- Additional comment from Huijuan Zhao on 2018-01-30 02:46:47 EST ---
Test version:
From: rhvh-4.1-0.20171101.0
To: rhvh-4.2.1.2-0.20180126.0
imgbased-1.0.8-0.1.el7ev.noarch
Test steps:
Same as Comment 3
Test results:
After Step3, can upgrade successful.
So this bug is fixed in rhvh-4.2.1.2-0.20180126.0, change the status to VERIFIED.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2018:1524