Bug 1660378

Summary: [RFE] Use sha256 for uninstall information in engine-setup, engine-cleanup etc.
Product: [oVirt] ovirt-engine Reporter: Yedidyah Bar David <didi>
Component: Setup.CoreAssignee: Yedidyah Bar David <didi>
Status: CLOSED CURRENTRELEASE QA Contact: Petr Kubica <pkubica>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.2.3CC: bugs, didi, pkubica, yturgema
Target Milestone: ovirt-4.3.0Keywords: FutureFeature
Target Release: ---Flags: sbonazzo: ovirt-4.3?
rule-engine: planning_ack?
sbonazzo: devel_ack+
lsvaty: testing_ack+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ovirt-engine-4.3.0_rc Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-03-13 16:37:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Integration RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1672251    
Bug Blocks: 1444449    
Attachments:
Description Flags
engine-cleanup log none

Description Yedidyah Bar David 2018-12-18 08:58:49 UTC 
Description of problem:

Currently (in 4.2), engine-setup and related utils save a set of files that track configuration files written by them, including an MD5 hash of the files fully-written by them.

This information is used by engine-cleanup and by ovirt-engine-rename, and might be used in the future elsewhere, when deciding whether it's safe to assume that we can automatically remove/edit a file.

We want to change the hash algorithm to be SHA256, mainly to allow being FIPS-compliant.

Some of the work to do this was already done in current master branch, including :

https://gerrit.ovirt.org/95408 - always read these files (not only in engine-cleanup), support also SHA256 (but do not use it yet)

https://gerrit.ovirt.org/95492 - use the information read by previous patch in engine-cleanup

https://gerrit.ovirt.org/96193 - Default to SHA256 for files written by engine-setup. This patch does not update the existing information, so is not enough for upgrade. The current decision is that we do not need/want to support moving existing setups to be FIPS-compliant, so that's ok.

Still remaining is ovirt-engine-rename. It's currently broken. We have to change it to use the information from the first patch as well, instead of it having a partial copy of that code.

Verification:

engine-cleanup already prompts about files it wants to remove, if they were changed externally. Also ovirt-engine-rename prompts, about files it wants to modify, if they were changed externally. So make sure they continue to do this properly, including when the same file was manually modified between runs of engine-setup, and with changes done both in <= 4.2 and in 4.3 (current master). E.g. something like:

1. setup 4.2 engine

2. edit some file it wrote (e.g. /etc/ovirt-engine/ovirt-vmconsole-proxy-helper.conf.d/10-setup.conf . Can even just add an empty line).

3. Upgrade to 4.3

4. edit this file again

5. engine-cleanup and/or ovirt-engine-rename

Make sure they both prompt about this file.
Comment 1 Yedidyah Bar David 2018-12-24 06:25:36 UTC 
Setting doc text -, no need to provide many details here. We can briefly mention this in the FIPS tracker bug.
Comment 2 Yedidyah Bar David 2019-01-23 11:05:58 UTC 
*** Bug 1613219 has been marked as a duplicate of this bug. ***
Comment 3 Yedidyah Bar David 2019-01-23 11:06:52 UTC 
QE: See also bug 1613219 comment 2 and 4.
Comment 4 Sandro Bonazzola 2019-02-12 07:54:42 UTC 
Anything blocking this bugfix verification?
Comment 5 Petr Kubica 2019-02-14 12:06:57 UTC 
I'm working on it right now, but I think I met an issue:

I used steps from comment #0 with RHV 4.2 -> 4.3 upgrade

[ INFO  ] Stage: Initializing
[ INFO  ] Stage: Environment setup
          Configuration files: ['/etc/ovirt-engine-setup.conf.d/10-packaging-wsp.conf', '/etc/ovirt-engine-setup.conf.d/10-packaging.conf', '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf']
          Log file: /var/log/ovirt-engine/setup/ovirt-engine-remove-20190214130018-mekscb.log
          Version: otopi-1.8.0 (otopi-1.8.0-1.el7ev)
[ INFO  ] Stage: Environment packages setup
[ INFO  ] Stage: Programs detection
[ INFO  ] Stage: Environment customization
          Do you want to remove all components? (Yes, No) [Yes]: 
[ ERROR ] Failed to execute stage 'Environment customization': 'changed'
[ INFO  ] Stage: Clean up
          Log file is located at /var/log/ovirt-engine/setup/ovirt-engine-remove-20190214130018-mekscb.log
[ INFO  ] Generating answer file '/var/lib/ovirt-engine/setup/answers/20190214130020-cleanup.conf'
[ INFO  ] Stage: Pre-termination
[ INFO  ] Stage: Termination
[ ERROR ] Execution of cleanup failed

Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/otopi/context.py", line 133, in _executeMethod
    method['method']()
  File "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-remove/base/files/simple.py", line 240, in _customization
    if info['changed']
KeyError: 'changed'


during cleanup it failed on keyError
attached also logs
Comment 6 Petr Kubica 2019-02-14 12:07:36 UTC 
Created attachment 1534783 [details]
engine-cleanup log
Comment 7 Petr Kubica 2019-02-14 12:14:30 UTC 
Forgot mention version:
ovirt-engine-setup-4.3.0.4-0.1.el7.noarch
ovirt-engine-setup-base-4.3.0.4-0.1.el7.noarch
ovirt-engine-setup-plugin-ovirt-engine-common-4.3.0.4-0.1.el7.noarch
ovirt-engine-4.3.0.4-0.1.el7.noarch
Comment 8 Yedidyah Bar David 2019-02-17 06:36:58 UTC 
(In reply to Petr Kubica from comment #5)
> I'm working on it right now, but I think I met an issue:
> 
> I used steps from comment #0 with RHV 4.2 -> 4.3 upgrade
> 
> [ INFO  ] Stage: Initializing
> [ INFO  ] Stage: Environment setup
>           Configuration files:
> ['/etc/ovirt-engine-setup.conf.d/10-packaging-wsp.conf',
> '/etc/ovirt-engine-setup.conf.d/10-packaging.conf',
> '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf']
>           Log file:
> /var/log/ovirt-engine/setup/ovirt-engine-remove-20190214130018-mekscb.log
>           Version: otopi-1.8.0 (otopi-1.8.0-1.el7ev)
> [ INFO  ] Stage: Environment packages setup
> [ INFO  ] Stage: Programs detection
> [ INFO  ] Stage: Environment customization
>           Do you want to remove all components? (Yes, No) [Yes]: 
> [ ERROR ] Failed to execute stage 'Environment customization': 'changed'
> [ INFO  ] Stage: Clean up
>           Log file is located at
> /var/log/ovirt-engine/setup/ovirt-engine-remove-20190214130018-mekscb.log
> [ INFO  ] Generating answer file
> '/var/lib/ovirt-engine/setup/answers/20190214130020-cleanup.conf'
> [ INFO  ] Stage: Pre-termination
> [ INFO  ] Stage: Termination
> [ ERROR ] Execution of cleanup failed
> 
> Traceback (most recent call last):
>   File "/usr/lib/python2.7/site-packages/otopi/context.py", line 133, in
> _executeMethod
>     method['method']()
>   File
> "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-remove/base/files/
> simple.py", line 240, in _customization
>     if info['changed']
> KeyError: 'changed'
> 
> 
> during cleanup it failed on keyError
> attached also logs

Already fixed in current master, see bug 1672251 comment 4.
Comment 9 Petr Kubica 2019-03-06 15:28:10 UTC 
Verified in ovirt-engine-4.3.2-0.1.el7.noarch
Comment 10 Sandro Bonazzola 2019-03-13 16:37:44 UTC 
This bugzilla is included in oVirt 4.3.0 release, published on February 4th 2019.

Since the problem described in this bug report should be
resolved in oVirt 4.3.0 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.