Bug 1558500

Summary: httpd configuration is not updated on upgrade
Product: [oVirt] ovirt-engine Reporter: Yedidyah Bar David <didi>
Component: Setup.EngineAssignee: Yedidyah Bar David <didi>
Status: CLOSED CURRENTRELEASE QA Contact: Jiri Belka <jbelka>
Severity: high Docs Contact:
Priority: high    
Version: 4.2.0CC: bugs, lsvaty
Target Milestone: ovirt-4.2.3Flags: rule-engine: ovirt-4.2+
rule-engine: exception+
Target Release: 4.2.3.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ovirt-engine-4.2.3.2 Doc Type: If docs needed, set a value
Doc Text:
engine-setup now checks if apache httpd's ssl.conf file needs updates also on upgrades, prompts accordingly, and applies the updates as needed.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-05-10 06:33:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Integration RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Yedidyah Bar David 2018-03-20 10:56:52 UTC 
Description of problem:

$summary.

This affects specifically:

1. Adding ovirt-requests-log to ssl.conf, bug 1347631.

2. Disabling TLSv1.0, bug 1388456.

So systems upgraded from 4.0 will not have these two configured.

Version-Release number of selected component (if applicable):

All versions in principle. In practice:

- Between 3.3 and 3.6 we didn't change httpd conf much

- Upgrade from el6 to el7 was not possible, which was usually done at 3.6->4.0. engine-backup was changed to make engine-setup always ask during restore, bug 1318580.

- Upgrades from 4.0 are later are affected.

How reproducible:
Always

Steps to Reproduce:
1. Install and setup 4.0 or 4.1 engine
2. Upgrade to a later version
3. grep -E 'CustomLog logs/ovirt-requests-log|^SSLProtocol' /etc/httpd/conf.d/ssl.conf

Actual results:

engine-setup does not ask about, nor reconfigure, apache httpd.

Output of the command in step 3 is empty.

Expected results:

engine-setup checks if changes are needed, queries the user if so, and reconfigures.

Output in step 3 is identical to the output of the same command on a clean 4.2 setup, which is:

SSLProtocol all -SSLv3 -TLSv1
CustomLog logs/ovirt-requests-log  "%t %h \"Correlation-Id: %{Correlation-Id}o\" \"Duration: %Dus\" \"%r\" %b"

Additional info:

Current behavior was introduced deliberately, by the following patch:

https://gerrit.ovirt.org/#/q/Iadae29234702c35fbead6bdb45eccffed895a109,n,z

which was included since 3.4.
Comment 1 Jiri Belka 2018-04-20 10:16:01 UTC 
ok, tested through ovirt-engine-4.1.11.2-0.1.el7.noarch to ovirt-engine-4.2.3.2-0.1.el7.noarch
Comment 2 Jiri Belka 2018-04-20 10:16:35 UTC 
(In reply to Jiri Belka from comment #1)
> ok, tested through ovirt-engine-4.1.11.2-0.1.el7.noarch to
> ovirt-engine-4.2.3.2-0.1.el7.noarch

on 4.1.11 i manually changed httpd.conf and verified after upgrade
Comment 3 Sandro Bonazzola 2018-05-10 06:33:27 UTC 
This bugzilla is included in oVirt 4.2.3 release, published on May 4th 2018.

Since the problem described in this bug report should be
resolved in oVirt 4.2.3 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.