Bug 1559374
| Summary: | ovs package update complains openvswitch user not exist | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | zenghui.shi <zshi> |
| Component: | openvswitch | Assignee: | Aaron Conole <aconole> |
| Status: | CLOSED ERRATA | QA Contact: | Rick Alongi <ralongi> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 7.4 | CC: | aconole, apevec, atelang, atragler, augol, ctrautma, fbaudin, fzdarsky, jhsiao, pvauter, sathlang, skramaja, vchundur, yrachman, yroblamo |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | openvswitch-2.9.0-27.el7fdn | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-06-21 13:36:35 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
It will also need to modify the /etc/sysconfig/ Ideally, it will also need to modify the /etc/sysconfig/openvswitch file, the same it is doing for the postinstall tasks If the change is implemented on upgrade, it will need to avoid the restart openvswitch services as part of it. As it will cut network connection, that's not acceptable. So the change needed there is to create user/group, change config file, and then let users restart the services by themselves. (In reply to Yolanda Robla from comment #3) > Ideally, it will also need to modify the /etc/sysconfig/openvswitch file, > the same it is doing for the postinstall tasks I believe no, package update should not enforce the user migration. It should be left to the user, in our case tripleo should update it. But user and group could be created even during the package update. Agreed with Saravan, here. The update should *not* force migrate the user. Even assuming we can 100% be certain the end user hasn't implemented their own type of user, we can't be 100% certain we won't break something about their setup (either directories being used, or alternative configurations). Open vSwitch package upgrade should not be restarting the daemons anyway. Do you see that happening with 2.7+? It may have happened with 2.6, although I think we fixed it by that point. (In reply to Saravanan KR from comment #5) > (In reply to Yolanda Robla from comment #3) > > Ideally, it will also need to modify the /etc/sysconfig/openvswitch file, > > the same it is doing for the postinstall tasks > > I believe no, package update should not enforce the user migration. It > should be left to the user, in our case tripleo should update it. But user > and group could be created even during the package update. 'openvswitch' user is required when updating ovs package to 2.8, otherwise it will complain 'openvswitch' user not exist. with that, I think we need 'openvswitch' user be created during package update, just like it's created with fresh installation. IIUC, openvswitch and qemu user share the same group 'hugetlbfs' in ovs 2.8 onwards; then who will be responsible to create 'hugetlbfs' group? I believe either ovs nor qemu shall do that during their package update, instead, tripleo should do the creation of 'hugetlbfs' group before updating both packages. as for user migration, when do we expect the user can be migrated ? with the workaround in tripleo, it has been ensured that openvswitch service will not be restarted during package update (if there is a postuninstall script to try restart ovs service), then we will still be running old ovs version and old config after package update, but do we allow operator to restart ovs service after package update ? if yes, which user and group will ovs use after service restart ? if not, do we expect a reboot right after tripleo minor update (along with ovs package update) to make new ovs config be available? maybe the right place to insert new ovs config is before minor update reboot and after ovs package update, and only allow reboot to make all new config available. Re Saravanan and Aaron. If we don't force the user to change user/group in /etc/sysconfig/openvswitch, why should then create those users? From your comments, i understand it may be optional and users could run in their own way. Then, what's the point of creating user/group if we don't enforce the config file? I still see it as "do everything" or "do nothing", in terms of the ovs package changes. setting needinfo per comment #9 Generally when a package is installed, all the related users and groups should be created with the installation, which implies that when openvswitch package is present in node, user 'openvswitch' and group 'hugetlbfs' should exist. But it is upto the user to run it with the default recommended user or not. IMO, user group creation should not be linked with how the user is intend to use it. related upstream PR https://github.com/openvswitch/ovs/pull/223 posted by Aaron to ovs-dev [PATCH v3] rhel: user/group openvswitch does not exist Merged to fdn tree as of build 2.9.0-27 You can check for the warning messages about missing user when doing a dnf installation on a clean system. Clean means, you'll need to remove the openvswitch user/group and the hugetlbfs group. Verified using openvswitch-2.9.0-47.el7fdp.x86_64.rpm. Details below: [root@netqe11 ~]# cat bz1559374.sh #!/bin/bash starting_ovs_rpm="http://download-node-02.eng.bos.redhat.com/brewroot/packages/openvswitch/2.7.3/3.git20180112.el7fdp/x86_64/openvswitch-2.7.3-3.git20180112.el7fdp.x86_64.rpm" target_ovs_version=$1 cleanup_ovs() { for bridge in $(ovs-vsctl list-br); do ovs-vsctl del-br $bridge; done systemctl stop openvswitch yum -y remove openvswitch rm -Rf /etc/openvswitch rm -Rf /var/log/openvswitch rm -f /etc/sysconfig/openvswitch if [[ $(cut -d: -f1 /etc/group | grep hugetlbfs) ]]; then groupdel hugetlbfs; fi if [[ $(cut -d: -f1 /etc/group | grep openvswitch) ]]; then userdel openvswitch; fi } cleanup_ovs yum -y install $starting_ovs_rpm systemctl start openvswitch yum -y update $target_ovs_version ## Reproduce problem when updating from openvswitch 2.7.3.3 FDP to openvswitch 2.9.0.19 FDP (warning messages assert): [root@netqe11 ~]# ./bz1559374.sh http://download-node-02.eng.bos.redhat.com/brewroot/packages/openvswitch/2.9.0/19.el7fdp/x86_64/openvswitch-2.9.0-19.el7fdp.x86_64.rpm Loaded plugins: product-id, search-disabled-repos, subscription-manager This system is not registered with an entitlement server. You can use subscription-manager to register. Resolving Dependencies --> Running transaction check ---> Package openvswitch.x86_64 0:2.9.0-47.el7fdp will be erased --> Finished Dependency Resolution Dependencies Resolved ========================================================================================== Package Arch Version Repository Size ========================================================================================== Removing: openvswitch x86_64 2.9.0-47.el7fdp installed 22 M Transaction Summary ========================================================================================== Remove 1 Package Installed size: 22 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Erasing : openvswitch-2.9.0-47.el7fdp.x86_64 1/1 Verifying : openvswitch-2.9.0-47.el7fdp.x86_64 1/1 Removed: openvswitch.x86_64 0:2.9.0-47.el7fdp Complete! Loaded plugins: product-id, search-disabled-repos, subscription-manager This system is not registered with an entitlement server. You can use subscription-manager to register. openvswitch-2.7.3-3.git20180112.el7fdp.x86_64.rpm | 4.3 MB 00:00:00 Examining /var/tmp/yum-root-qlj7Yg/openvswitch-2.7.3-3.git20180112.el7fdp.x86_64.rpm: openvswitch-2.7.3-3.git20180112.el7fdp.x86_64 Marking /var/tmp/yum-root-qlj7Yg/openvswitch-2.7.3-3.git20180112.el7fdp.x86_64.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package openvswitch.x86_64 0:2.7.3-3.git20180112.el7fdp will be installed --> Finished Dependency Resolution Dependencies Resolved ========================================================================================== Package Arch Version Repository Size ========================================================================================== Installing: openvswitch x86_64 2.7.3-3.git20180112.el7fdp /openvswitch-2.7.3-3.git20180112.el7fdp.x86_64 18 M Transaction Summary ========================================================================================== Install 1 Package Total size: 18 M Installed size: 18 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : openvswitch-2.7.3-3.git20180112.el7fdp.x86_64 1/1 Verifying : openvswitch-2.7.3-3.git20180112.el7fdp.x86_64 1/1 Installed: openvswitch.x86_64 0:2.7.3-3.git20180112.el7fdp Complete! Loaded plugins: product-id, search-disabled-repos, subscription-manager This system is not registered with an entitlement server. You can use subscription-manager to register. openvswitch-2.9.0-19.el7fdp.x86_64.rpm | 6.3 MB 00:00:00 Examining /var/tmp/yum-root-qlj7Yg/openvswitch-2.9.0-19.el7fdp.x86_64.rpm: openvswitch-2.9.0-19.el7fdp.x86_64 Marking /var/tmp/yum-root-qlj7Yg/openvswitch-2.9.0-19.el7fdp.x86_64.rpm as an update to openvswitch-2.7.3-3.git20180112.el7fdp.x86_64 Resolving Dependencies --> Running transaction check ---> Package openvswitch.x86_64 0:2.7.3-3.git20180112.el7fdp will be updated ---> Package openvswitch.x86_64 0:2.9.0-19.el7fdp will be an update --> Finished Dependency Resolution Dependencies Resolved ========================================================================================== Package Arch Version Repository Size ========================================================================================== Updating: openvswitch x86_64 2.9.0-19.el7fdp /openvswitch-2.9.0-19.el7fdp.x86_64 21 M Transaction Summary ========================================================================================== Upgrade 1 Package Total size: 21 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Updating : openvswitch-2.9.0-19.el7fdp.x86_64 1/2 warning: user openvswitch does not exist - using root warning: group openvswitch does not exist - using root warning: user openvswitch does not exist - using root warning: group openvswitch does not exist - using root chown: invalid user: ‘openvswitch:openvswitch’ Cleanup : openvswitch-2.7.3-3.git20180112.el7fdp.x86_64 2/2 Verifying : openvswitch-2.9.0-19.el7fdp.x86_64 1/2 Verifying : openvswitch-2.7.3-3.git20180112.el7fdp.x86_64 2/2 Updated: openvswitch.x86_64 0:2.9.0-19.el7fdp Complete! ######################################################################### Verify fix when updating from openvswitch 2.7.3.3 FDP to openvswitch 2.9.0.47 FDP (no warning messages assert): [root@netqe11 ~]# ./bz1559374.sh http://download-node-02.eng.bos.redhat.com/brewroot/packages/openvswitch/2.9.0/47.el7fdp/x86_64/openvswitch-2.9.0-47.el7fdp.x86_64.rpm Loaded plugins: product-id, search-disabled-repos, subscription-manager This system is not registered with an entitlement server. You can use subscription-manager to register. Resolving Dependencies --> Running transaction check ---> Package openvswitch.x86_64 0:2.9.0-19.el7fdp will be erased --> Finished Dependency Resolution Dependencies Resolved ========================================================================================== Package Arch Version Repository Size ========================================================================================== Removing: openvswitch x86_64 2.9.0-19.el7fdp installed 21 M Transaction Summary ========================================================================================== Remove 1 Package Installed size: 21 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Erasing : openvswitch-2.9.0-19.el7fdp.x86_64 1/1 Verifying : openvswitch-2.9.0-19.el7fdp.x86_64 1/1 Removed: openvswitch.x86_64 0:2.9.0-19.el7fdp Complete! Loaded plugins: product-id, search-disabled-repos, subscription-manager This system is not registered with an entitlement server. You can use subscription-manager to register. openvswitch-2.7.3-3.git20180112.el7fdp.x86_64.rpm | 4.3 MB 00:00:00 Examining /var/tmp/yum-root-qlj7Yg/openvswitch-2.7.3-3.git20180112.el7fdp.x86_64.rpm: openvswitch-2.7.3-3.git20180112.el7fdp.x86_64 Marking /var/tmp/yum-root-qlj7Yg/openvswitch-2.7.3-3.git20180112.el7fdp.x86_64.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package openvswitch.x86_64 0:2.7.3-3.git20180112.el7fdp will be installed --> Finished Dependency Resolution Dependencies Resolved ========================================================================================== Package Arch Version Repository Size ========================================================================================== Installing: openvswitch x86_64 2.7.3-3.git20180112.el7fdp /openvswitch-2.7.3-3.git20180112.el7fdp.x86_64 18 M Transaction Summary ========================================================================================== Install 1 Package Total size: 18 M Installed size: 18 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : openvswitch-2.7.3-3.git20180112.el7fdp.x86_64 1/1 Verifying : openvswitch-2.7.3-3.git20180112.el7fdp.x86_64 1/1 Installed: openvswitch.x86_64 0:2.7.3-3.git20180112.el7fdp Complete! Loaded plugins: product-id, search-disabled-repos, subscription-manager This system is not registered with an entitlement server. You can use subscription-manager to register. openvswitch-2.9.0-47.el7fdp.x86_64.rpm | 6.4 MB 00:00:00 Examining /var/tmp/yum-root-qlj7Yg/openvswitch-2.9.0-47.el7fdp.x86_64.rpm: openvswitch-2.9.0-47.el7fdp.x86_64 Marking /var/tmp/yum-root-qlj7Yg/openvswitch-2.9.0-47.el7fdp.x86_64.rpm as an update to openvswitch-2.7.3-3.git20180112.el7fdp.x86_64 Resolving Dependencies --> Running transaction check ---> Package openvswitch.x86_64 0:2.7.3-3.git20180112.el7fdp will be updated ---> Package openvswitch.x86_64 0:2.9.0-47.el7fdp will be an update --> Finished Dependency Resolution Dependencies Resolved ========================================================================================== Package Arch Version Repository Size ========================================================================================== Updating: openvswitch x86_64 2.9.0-47.el7fdp /openvswitch-2.9.0-47.el7fdp.x86_64 22 M Transaction Summary ========================================================================================== Upgrade 1 Package Total size: 22 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Updating : openvswitch-2.9.0-47.el7fdp.x86_64 1/2 Cleanup : openvswitch-2.7.3-3.git20180112.el7fdp.x86_64 2/2 Verifying : openvswitch-2.9.0-47.el7fdp.x86_64 1/2 Verifying : openvswitch-2.7.3-3.git20180112.el7fdp.x86_64 2/2 Updated: openvswitch.x86_64 0:2.9.0-47.el7fdp Complete! Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:1962 |
Description of problem: When updating openvswitch package from 2.7 to 2.8, yum update complains openvswitch user not exist, and fail to execute cmd 'chown -R openvswitch:openvswitch /etc/openvswitch' in package scriptlet. This means an openvswitch user shall be created first by administrator in order to update ovs package correctly. This is also causing problem for layer products like tripleo/director to handle ovs package update, as it has to create special cases in order to update the package. [root@nfvsdn-17 ~]# rpm -q --scripts openvswitch postinstall scriptlet (using /bin/sh): if [ $1 -eq 1 ]; then getent passwd openvswitch >/dev/null || \ useradd -r -d / -s /sbin/nologin -c "Open vSwitch Daemons" openvswitch sed -i 's:^#OVS_USER_ID=:OVS_USER_ID=:' /etc/sysconfig/openvswitch getent group hugetlbfs >/dev/null || \ groupadd hugetlbfs usermod -a -G hugetlbfs openvswitch sed -i \ 's@OVS_USER_ID="openvswitch:openvswitch"@OVS_USER_ID="openvswitch:hugetlbfs"@'\ /etc/sysconfig/openvswitch fi # Package %files sets /etc/openvswitch to root:root in installation and upgrade so # we always need to reset ownership chown -R openvswitch:openvswitch /etc/openvswitch if [ $1 -eq 1 ] ; then # Initial installation systemctl preset openvswitch.service >/dev/null 2>&1 || : fi preuninstall scriptlet (using /bin/sh): if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable openvswitch.service > /dev/null 2>&1 || : systemctl stop openvswitch.service > /dev/null 2>&1 || : fi postuninstall scriptlet (using /bin/sh): systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart openvswitch.service >/dev/null 2>&1 || : fi [root@nfvsdn-17 ~]# rpm -qa | grep openvswitch openvswitch-2.8.2-1.el7.x86_64 Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: the user creation be handled both in package update and fresh installation. Additional info: