Description of problem: Sep 26 13:23:39 localhost vdsmd_init_common.sh: Printing host uuid Sep 26 13:23:39 localhost vdsmd_init_common.sh: vdsm: stopped during execute check_is_configured task (task returned with error code 1). Sep 26 13:23:39 localhost daemonAdapter: Traceback (most recent call last): Sep 26 13:23:39 localhost daemonAdapter: File "/usr/share/vdsm/supervdsmServer", line 61, in <module> Sep 26 13:23:39 localhost daemonAdapter: from network.api import (addNetwork, delNetwork, editNetwork, setupNetworks, Sep 26 13:23:39 localhost daemonAdapter: File "/usr/share/vdsm/network/api.py", line 34, in <module> Sep 26 13:23:39 localhost daemonAdapter: File "/usr/share/vdsm/network/configurators/ifcfg.py", line 41, in <module> Sep 26 13:23:39 localhost daemonAdapter: File "/usr/lib/python2.7/site-packages/ovirt/node/utils/__init__.py", line 22, in <module> Sep 26 13:23:39 localhost daemonAdapter: File "/usr/lib/python2.7/site-packages/augeas.py", line 56, in <module> Sep 26 13:23:39 localhost daemonAdapter: File "/usr/lib/python2.7/site-packages/augeas.py", line 62, in Augeas Sep 26 13:23:39 localhost daemonAdapter: File "/usr/lib/python2.7/site-packages/augeas.py", line 53, in _dlopen Sep 26 13:23:39 localhost daemonAdapter: ImportError: Unable to import libpython2.7! Version-Release number of selected component (if applicable): rhev-hypervisor7-7.0-20140925.0.iso https://brewweb.devel.redhat.com/taskinfo?taskID=8025131 Additional data: - We tried to import from rhev-h IDLE or vdsm manually and it works
Created attachment 941677 [details] messages
Created attachment 941678 [details] supervdsm
Created attachment 941679 [details] ovirtlog2
Created attachment 941680 [details] ovirtlog1
Any hints in audit.log? Can you retry with `setenforce 0` (without Dan Walsh seeing)?
Hi Dan, It seems it get moved forward with selinux in Permissive mode but I will double check for sure as my environment is in the debug one. However, I have found other an issue in vdsmd_init_common.sh, please see below: Sep 26 19:27:51 localhost ntpd[3635]: 0.0.0.0 c618 08 no_sys_peer Sep 26 19:27:51 localhost vdsmd_init_common.sh: vdsm: Running syslog_available Sep 26 19:27:51 localhost vdsmd_init_common.sh: vdsm: Running nwfilter Sep 26 19:27:52 localhost vdsmd_init_common.sh: vdsm: Running dummybr Sep 26 19:27:53 localhost vdsmd_init_common.sh: vdsm: Running load_needed_modules Sep 26 19:27:53 localhost vdsmd_init_common.sh: vdsm: Running tune_system Sep 26 19:27:53 localhost vdsmd_init_common.sh: vdsm: Running test_space Sep 26 19:27:53 localhost vdsmd_init_common.sh: vdsm: Running test_lo Sep 26 19:27:53 localhost vdsmd_init_common.sh: vdsm: Running unified_network_persistence_upgrade Sep 26 19:27:54 localhost vdsmd_init_common.sh: vdsm: Running restore_nets Sep 26 19:27:55 localhost vdsmd_init_common.sh: Traceback (most recent call last): Sep 26 19:27:55 localhost vdsmd_init_common.sh: File "/usr/share/vdsm/vdsm-restore-net-config", line 137, in <module> Sep 26 19:27:55 localhost vdsmd_init_common.sh: restore() Sep 26 19:27:55 localhost vdsmd_init_common.sh: File "/usr/share/vdsm/vdsm-restore-net-config", line 123, in restore Sep 26 19:27:55 localhost vdsmd_init_common.sh: unified_restoration() Sep 26 19:27:55 localhost vdsmd_init_common.sh: File "/usr/share/vdsm/vdsm-restore-net-config", line 66, in unified_restoration Sep 26 19:27:55 localhost vdsmd_init_common.sh: persistentConfig.bonds) Sep 26 19:27:55 localhost vdsmd_init_common.sh: File "/usr/share/vdsm/vdsm-restore-net-config", line 91, in _filter_nets_bonds Sep 26 19:27:55 localhost vdsmd_init_common.sh: bonds[bond]['nics'], net) Sep 26 19:27:55 localhost vdsmd_init_common.sh: KeyError: u'' Sep 26 19:27:55 localhost vdsmd_init_common.sh: vdsm: stopped during execute restore_nets task (task returned with error code 1). Sep 26 19:27:55 localhost systemd: vdsmd.service: control process exited, code=exited status=1 Sep 26 19:27:55 localhost systemd: Failed to start Virtual Desktop Server Manager. @Toni could be related to your change for tests?
(In reply to Douglas Schilling Landgraf from comment #6) > Hi Dan, > > It seems it get moved forward with selinux in Permissive mode but I will > double check for sure as my environment is in the debug one. However, I have > found other an issue in vdsmd_init_common.sh, please see below: Hey, I also found some time today. And It seems that this import error really is an selinux problem. If I change to permissive mode, then the error is gone, enabling it leads to the problem again. The reason why no denials appear in audit.log could be that the denials are "Blocked" by dontaudit rules.
I think that due to the subject of this bug (the issue in comment 6 is unrelated to that and deserves a look separately), the bug should be moved so it is handled by the selinux team.
Lukas, can you help us understand what in selinux blocks python's import? Fabian, can you desable dontaudit and try to reproduce?
(In reply to Dan Kenigsberg from comment #9) > Lukas, can you help us understand what in selinux blocks python's import? > > Fabian, can you desable dontaudit and try to reproduce? I need to see how to do this, but I'll try.
I am not sure how this bug can be reproduced, btu DOuglas: When trying you can disable the dontauditrules by running semodule -DB Afterwards just try to reproduce this bug and catch the audit log.
The problem of https://bugzilla.redhat.com/show_bug.cgi?id=1147059#c6 has been dealt with in the latest patch to https://bugzilla.redhat.com/show_bug.cgi?id=1144639
Moving this to ovirt-node because we need to take crae of the correct selinux rules. Setting this to TestOnly, because we've got several patches related also to other bugs which could fix this bug.
oVirt 3.5 has been released and should include the fix for this issue.