Created attachment 1198101 [details] screenshot in rhvm side Description of problem: RHVH status is Non Responsive in RHVM side after RHVH upgrade Version-Release number of selected component (if applicable): 1. Before update: RHVH-4.0-20160822.8-RHVH-x86_64-dvd1.iso imgbased-0.8.4-1.el7ev.noarch redhat-virtualization-host-image-update-placeholder-4.0-2.el7.noarch kernel-3.10.0-327.28.2.el7.x86_64 2. After update: redhat-virtualization-host-4.0-20160826.0 imgbased-0.8.4-1.el7ev.noarch redhat-virtualization-host-image-update-placeholder-4.0-2.el7.noarch kernel-3.10.0-493.el7.x86_64 How reproducible: 100% Steps to Reproduce: 1. Install RHVH RHVH-4.0-20160822.8-RHVH-x86_64-dvd1.iso 2. Reboot and login RHVH, add RHVH to RHVM successful 3. Login RHVH, setup local repos 4. Update RHVH to redhat-virtualization-host-4.0-20160826.0: # yum update 5. Reboot and login RHVH, check RHVH status in RHVM side Actual results: 1. After step5, RHVH status is Non Responsive in RHVM side Expected results: 1. After step5, RHVH status should be UP in RHVM side Additional info: After update, check the vdsmd.service status is inactive: # systemctl status vdsmd.service ● vdsmd.service - Virtual Desktop Server Manager Loaded: loaded (/usr/lib/systemd/system/vdsmd.service; enabled; vendor preset: enabled) Active: failed (Result: start-limit) since Tue 2016-09-06 07:09:30 GMT; 15s ago Process: 3152 ExecStartPre=/usr/libexec/vdsm/vdsmd_init_common.sh --pre-start (code=exited, status=1/FAILURE) Sep 06 07:09:29 dhcp-10-16.nay.redhat.com systemd[1]: vdsmd.service: control process exited, code=exited status=1 Sep 06 07:09:29 dhcp-10-16.nay.redhat.com systemd[1]: Failed to start Virtual Desktop Server Manager. Sep 06 07:09:29 dhcp-10-16.nay.redhat.com systemd[1]: Unit vdsmd.service entered failed state. Sep 06 07:09:29 dhcp-10-16.nay.redhat.com systemd[1]: vdsmd.service failed. Sep 06 07:09:30 dhcp-10-16.nay.redhat.com systemd[1]: vdsmd.service holdoff time over, scheduling restart. Sep 06 07:09:30 dhcp-10-16.nay.redhat.com systemd[1]: start request repeated too quickly for vdsmd.service Sep 06 07:09:30 dhcp-10-16.nay.redhat.com systemd[1]: Failed to start Virtual Desktop Server Manager. Sep 06 07:09:30 dhcp-10-16.nay.redhat.com systemd[1]: Unit vdsmd.service entered failed state. Sep 06 07:09:30 dhcp-10-16.nay.redhat.com systemd[1]: vdsmd.service failed.
Created attachment 1198102 [details] All logs and sosreport
Created attachment 1198103 [details] log in rhvm side
Update vdsm and rhvm version: 1. vdsm version: Before update: vdsm-4.18.11-1.el7ev.x86_64 After update: vdsm-4.18.11-1.el7ev.x86_64 2. rhvm version: Red Hat Virtualization Manager Version: 4.0.4-0.1.el7ev
This bug report has Keywords: Regression or TestBlocker. Since no regressions or test blockers are allowed between releases, it is also being identified as a blocker for this release. Please resolve ASAP.
Can you please grab /var/log/messages or journalctl around this time? It would be interesting to see what vdsm dependency is failing.
(In reply to Ryan Barry from comment #5) > Can you please grab /var/log/messages or journalctl around this time? It > would be interesting to see what vdsm dependency is failing. Please refer to attachment for detailed info(journalctl and /var/log/messages)
Created attachment 1202767 [details] journalctl and /var/log/messages
Looks like vdsm is not happy with sebool modules. Yaniv, any hint for this one? Sep 20 07:58:27 dhcp-10-16 vdsmd_init_common.sh: from vdsm import vdscli Sep 20 07:58:27 dhcp-10-16 vdsmd_init_common.sh: Error: Sep 20 07:58:27 dhcp-10-16 vdsmd_init_common.sh: One of the modules is not configured to work with VDSM. Sep 20 07:58:27 dhcp-10-16 vdsmd_init_common.sh: To configure the module use the following: Sep 20 07:58:27 dhcp-10-16 vdsmd_init_common.sh: 'vdsm-tool configure [--module module-name]'. Sep 20 07:58:27 dhcp-10-16 vdsmd_init_common.sh: If all modules are not configured try to use: Sep 20 07:58:27 dhcp-10-16 vdsmd_init_common.sh: 'vdsm-tool configure --force' Sep 20 07:58:27 dhcp-10-16 vdsmd_init_common.sh: (The force flag will stop the module's service and start it Sep 20 07:58:27 dhcp-10-16 vdsmd_init_common.sh: afterwards automatically to load the new configuration.) Sep 20 07:58:27 dhcp-10-16 vdsmd_init_common.sh: Current revision of multipath.conf detected, preserving Sep 20 07:58:27 dhcp-10-16 vdsmd_init_common.sh: libvirt is already configured for vdsm Sep 20 07:58:27 dhcp-10-16 vdsmd_init_common.sh: Modules sebool are not configured Sep 20 07:58:27 dhcp-10-16 vdsmd_init_common.sh: vdsm: stopped during execute check_is_configured task (task returned with error code 1). Sep 20 07:58:27 dhcp-10-16 systemd: vdsmd.service: control process exited, code=exited status=1 Sep 20 07:58:27 dhcp-10-16 systemd: Failed to start Virtual Desktop Server Manager. Sep 20 07:58:27 dhcp-10-16 systemd: Dependency failed for MOM instance configured for VDSM purposes. Sep 20 07:58:27 dhcp-10-16 systemd: Job mom-vdsm.service/start failed with result 'dependency'. Sep 20 07:58:27 dhcp-10-16 systemd: Unit vdsmd.service entered failed state. Sep 20 07:58:27 dhcp-10-16 systemd: vdsmd.service failed. Sep 20 07:58:27 dhcp-10-16 systemd: vdsmd.service holdoff time over, scheduling restart. Sep 20 07:58:27 dhcp-10-16 systemd: start request repeated too quickly for vdsmd.service Sep 20 07:58:27 dhcp-10-16 systemd: Failed to start Virtual Desktop Server Manager. Sep 20 07:58:27 dhcp-10-16 systemd: Dependency failed for MOM instance configured for VDSM purposes. Sep 20 07:58:27 dhcp-10-16 systemd: Job mom-vdsm.service/start failed with result 'dependency'. Sep 20 07:58:27 dhcp-10-16 systemd: Unit vdsmd.service entered failed state. Sep 20 07:58:27 dhcp-10-16 systemd: vdsmd.service failed.
> Sep 20 07:58:27 dhcp-10-16 systemd: Dependency failed for MOM instance configured for VDSM purposes. > Sep 20 07:58:27 dhcp-10-16 systemd: Job mom-vdsm.service/start failed with result 'dependency'. The dependency failure means that MOM was not able (allowed) to start, because it depends on VDSM and VDSM failed.
Before upgrade ======================= # cat /etc/redhat-release Red Hat Enterprise Linux release 7.2 # rpm -qa | grep -i vdsm vdsm-4.18.11-1.el7ev.x86_64 vdsm-hook-vhostmd-4.18.11-1.el7ev.noarch vdsm-hook-openstacknet-4.18.11-1.el7ev.noarch vdsm-jsonrpc-4.18.11-1.el7ev.noarch vdsm-python-4.18.11-1.el7ev.noarch vdsm-yajsonrpc-4.18.11-1.el7ev.noarch vdsm-api-4.18.11-1.el7ev.noarch vdsm-infra-4.18.11-1.el7ev.noarch vdsm-cli-4.18.11-1.el7ev.noarch vdsm-hook-fcoe-4.18.11-1.el7ev.noarch vdsm-hook-vmfex-dev-4.18.11-1.el7ev.noarch vdsm-hook-ethtool-options-4.18.11-1.el7ev.noarch vdsm-xmlrpc-4.18.11-1.el7ev.noarch # getenforce Enforcing # vdsm-tool is-configured --module sebool /usr/lib/python2.7/site-packages/vdsm/tool/dump_volume_chains.py:28: DeprecationWarning: vdscli uses xmlrpc. since ovirt 3.6 xmlrpc is deprecated, please use vdsm.jsonrpcvdscli from vdsm import vdscli # getsebool -a abrt_anon_write --> off abrt_handle_event --> off abrt_upload_watch_anon_write --> on antivirus_can_scan_system --> off antivirus_use_jit --> off auditadm_exec_content --> on authlogin_nsswitch_use_ldap --> off authlogin_radius --> off authlogin_yubikey --> off awstats_purge_apache_log_files --> off boinc_execmem --> on cdrecord_read_content --> off cluster_can_network_connect --> off cluster_manage_all_files --> off cluster_use_execmem --> off cobbler_anon_write --> off cobbler_can_network_connect --> off cobbler_use_cifs --> off cobbler_use_nfs --> off collectd_tcp_network_connect --> off condor_tcp_network_connect --> off conman_can_network --> off cron_can_relabel --> off cron_system_cronjob_use_shares --> off cron_userdomain_transition --> on cups_execmem --> off cvs_read_shadow --> off daemons_dump_core --> off daemons_enable_cluster_mode --> off daemons_use_tcp_wrapper --> off daemons_use_tty --> off dbadm_exec_content --> on dbadm_manage_user_files --> off dbadm_read_user_files --> off deny_execmem --> off deny_ptrace --> off dhcpc_exec_iptables --> off dhcpd_use_ldap --> off domain_fd_use --> on domain_kernel_load_modules --> off entropyd_use_audio --> on exim_can_connect_db --> off exim_manage_user_files --> off exim_read_user_files --> off fcron_crond --> off fenced_can_network_connect --> off fenced_can_ssh --> off fips_mode --> on ftp_home_dir --> off ftpd_anon_write --> off ftpd_connect_all_unreserved --> off ftpd_connect_db --> off ftpd_full_access --> off ftpd_use_cifs --> off ftpd_use_fusefs --> off ftpd_use_nfs --> off ftpd_use_passive_mode --> off git_cgi_enable_homedirs --> off git_cgi_use_cifs --> off git_cgi_use_nfs --> off git_session_bind_all_unreserved_ports --> off git_session_users --> off git_system_enable_homedirs --> off git_system_use_cifs --> off git_system_use_nfs --> off gitosis_can_sendmail --> off glance_api_can_network --> off glance_use_execmem --> off glance_use_fusefs --> off global_ssp --> off gluster_anon_write --> off gluster_export_all_ro --> off gluster_export_all_rw --> on gpg_web_anon_write --> off gssd_read_tmp --> on guest_exec_content --> on haproxy_connect_any --> off httpd_anon_write --> off httpd_builtin_scripting --> on httpd_can_check_spam --> off httpd_can_connect_ftp --> off httpd_can_connect_ldap --> off httpd_can_connect_mythtv --> off httpd_can_connect_zabbix --> off httpd_can_network_connect --> off httpd_can_network_connect_cobbler --> off httpd_can_network_connect_db --> off httpd_can_network_memcache --> off httpd_can_network_relay --> off httpd_can_sendmail --> off httpd_dbus_avahi --> off httpd_dbus_sssd --> off httpd_dontaudit_search_dirs --> off httpd_enable_cgi --> on httpd_enable_ftp_server --> off httpd_enable_homedirs --> off httpd_execmem --> off httpd_graceful_shutdown --> on httpd_manage_ipa --> off httpd_mod_auth_ntlm_winbind --> off httpd_mod_auth_pam --> off httpd_read_user_content --> off httpd_run_ipa --> off httpd_run_preupgrade --> off httpd_run_stickshift --> off httpd_serve_cobbler_files --> off httpd_setrlimit --> off httpd_ssi_exec --> off httpd_sys_script_anon_write --> off httpd_tmp_exec --> off httpd_tty_comm --> off httpd_unified --> off httpd_use_cifs --> off httpd_use_fusefs --> off httpd_use_gpg --> off httpd_use_nfs --> off httpd_use_openstack --> off httpd_use_sasl --> off httpd_verify_dns --> off icecast_use_any_tcp_ports --> off irc_use_any_tcp_ports --> off irssi_use_full_network --> off kdumpgui_run_bootloader --> off kerberos_enabled --> on ksmtuned_use_cifs --> off ksmtuned_use_nfs --> off logadm_exec_content --> on logging_syslogd_can_sendmail --> off logging_syslogd_run_nagios_plugins --> off logging_syslogd_use_tty --> on login_console_enabled --> on logrotate_use_nfs --> off logwatch_can_network_connect_mail --> off lsmd_plugin_connect_any --> off mailman_use_fusefs --> off mcelog_client --> off mcelog_exec_scripts --> on mcelog_foreground --> off mcelog_server --> off minidlna_read_generic_user_content --> off mmap_low_allowed --> off mock_enable_homedirs --> off mount_anyfile --> on mozilla_plugin_bind_unreserved_ports --> off mozilla_plugin_can_network_connect --> off mozilla_plugin_use_bluejeans --> off mozilla_plugin_use_gps --> off mozilla_plugin_use_spice --> off mozilla_read_content --> off mpd_enable_homedirs --> off mpd_use_cifs --> off mpd_use_nfs --> off mplayer_execstack --> off mysql_connect_any --> off nagios_run_pnp4nagios --> off nagios_run_sudo --> off named_tcp_bind_http_port --> off named_write_master_zones --> off neutron_can_network --> off nfs_export_all_ro --> on nfs_export_all_rw --> on nfsd_anon_write --> off nis_enabled --> off nscd_use_shm --> on openshift_use_nfs --> off openvpn_can_network_connect --> on openvpn_enable_homedirs --> on openvpn_run_unconfined --> off pcp_bind_all_unreserved_ports --> off pcp_read_generic_logs --> off piranha_lvs_can_network_connect --> off polipo_connect_all_unreserved --> off polipo_session_bind_all_unreserved_ports --> off polipo_session_users --> off polipo_use_cifs --> off polipo_use_nfs --> off polyinstantiation_enabled --> off postfix_local_write_mail_spool --> on postgresql_can_rsync --> off postgresql_selinux_transmit_client_label --> off postgresql_selinux_unconfined_dbadm --> on postgresql_selinux_users_ddl --> on pppd_can_insmod --> off pppd_for_user --> off privoxy_connect_any --> on prosody_bind_http_port --> off puppetagent_manage_all_files --> off puppetmaster_use_db --> off racoon_read_shadow --> off rpcd_use_fusefs --> off rsync_anon_write --> off rsync_client --> off rsync_export_all_ro --> off rsync_full_access --> off samba_create_home_dirs --> off samba_domain_controller --> off samba_enable_home_dirs --> off samba_export_all_ro --> off samba_export_all_rw --> off samba_load_libgfapi --> off samba_portmapper --> off samba_run_unconfined --> off samba_share_fusefs --> off samba_share_nfs --> off sanlock_use_fusefs --> on sanlock_use_nfs --> on sanlock_use_samba --> on saslauthd_read_shadow --> off secadm_exec_content --> on secure_mode --> off secure_mode_insmod --> off secure_mode_policyload --> off selinuxuser_direct_dri_enabled --> on selinuxuser_execheap --> off selinuxuser_execmod --> on selinuxuser_execstack --> on selinuxuser_mysql_connect_enabled --> off selinuxuser_ping --> on selinuxuser_postgresql_connect_enabled --> off selinuxuser_rw_noexattrfile --> on selinuxuser_share_music --> off selinuxuser_tcp_server --> off selinuxuser_udp_server --> off selinuxuser_use_ssh_chroot --> off sftpd_anon_write --> off sftpd_enable_homedirs --> off sftpd_full_access --> off sftpd_write_ssh_home --> off sge_domain_can_network_connect --> off sge_use_nfs --> off smartmon_3ware --> off smbd_anon_write --> off spamassassin_can_network --> off spamd_enable_home_dirs --> on squid_connect_any --> on squid_use_tproxy --> off ssh_chroot_rw_homedirs --> off ssh_keysign --> off ssh_sysadm_login --> off staff_exec_content --> on staff_use_svirt --> off swift_can_network --> off sysadm_exec_content --> on telepathy_connect_all_ports --> off telepathy_tcp_connect_generic_network_ports --> on tftp_anon_write --> off tftp_home_dir --> off tmpreaper_use_nfs --> off tmpreaper_use_samba --> off tor_bind_all_unreserved_ports --> off tor_can_network_relay --> off unconfined_chrome_sandbox_transition --> on unconfined_login --> on unconfined_mozilla_plugin_transition --> on unprivuser_use_svirt --> off use_ecryptfs_home_dirs --> off use_fusefs_home_dirs --> off use_lpd_server --> off use_nfs_home_dirs --> off use_samba_home_dirs --> off user_exec_content --> on varnishd_connect_any --> off virt_read_qemu_ga_data --> off virt_rw_qemu_ga_data --> off virt_sandbox_use_all_caps --> on virt_sandbox_use_audit --> on virt_sandbox_use_mknod --> off virt_sandbox_use_netlink --> off virt_sandbox_use_nfs --> off virt_sandbox_use_samba --> off virt_sandbox_use_sys_admin --> off virt_transition_userdomain --> off virt_use_comm --> off virt_use_execmem --> off virt_use_fusefs --> on virt_use_nfs --> on virt_use_rawip --> off virt_use_samba --> on virt_use_sanlock --> on virt_use_usb --> on virt_use_xserver --> off webadm_manage_user_files --> off webadm_read_user_files --> off wine_mmap_zero_ignore --> off xdm_bind_vnc_tcp_port --> off xdm_exec_bootloader --> off xdm_sysadm_login --> off xdm_write_home --> off xen_use_nfs --> off xend_run_blktap --> on xend_run_qemu --> on xguest_connect_network --> on xguest_exec_content --> on xguest_mount_media --> on xguest_use_bluetooth --> on xserver_clients_write_xshm --> off xserver_execmem --> off xserver_object_manager --> off zabbix_can_network --> off zarafa_setrlimit --> off zebra_write_config --> off zoneminder_anon_write --> off zoneminder_run_sudo --> off After upgrade ===================== # cat /etc/redhat-release Red Hat Enterprise Linux release 7.2 # rpm -qa | grep -i vdsm vdsm-hook-openstacknet-4.18.13-1.el7ev.noarch vdsm-jsonrpc-4.18.13-1.el7ev.noarch vdsm-hook-vmfex-dev-4.18.13-1.el7ev.noarch vdsm-yajsonrpc-4.18.13-1.el7ev.noarch vdsm-api-4.18.13-1.el7ev.noarch vdsm-hook-vhostmd-4.18.13-1.el7ev.noarch vdsm-python-4.18.13-1.el7ev.noarch vdsm-cli-4.18.13-1.el7ev.noarch vdsm-4.18.13-1.el7ev.x86_64 vdsm-xmlrpc-4.18.13-1.el7ev.noarch vdsm-hook-ethtool-options-4.18.13-1.el7ev.noarch vdsm-hook-fcoe-4.18.13-1.el7ev.noarch vdsm-infra-4.18.13-1.el7ev.noarch # getsebool -a abrt_anon_write --> off abrt_handle_event --> off abrt_upload_watch_anon_write --> on antivirus_can_scan_system --> off antivirus_use_jit --> off auditadm_exec_content --> on authlogin_nsswitch_use_ldap --> off authlogin_radius --> off authlogin_yubikey --> off awstats_purge_apache_log_files --> off boinc_execmem --> on cdrecord_read_content --> off cluster_can_network_connect --> off cluster_manage_all_files --> off cluster_use_execmem --> off cobbler_anon_write --> off cobbler_can_network_connect --> off cobbler_use_cifs --> off cobbler_use_nfs --> off collectd_tcp_network_connect --> off condor_tcp_network_connect --> off conman_can_network --> off cron_can_relabel --> off cron_system_cronjob_use_shares --> off cron_userdomain_transition --> on cups_execmem --> off cvs_read_shadow --> off daemons_dump_core --> off daemons_enable_cluster_mode --> off daemons_use_tcp_wrapper --> off daemons_use_tty --> off dbadm_exec_content --> on dbadm_manage_user_files --> off dbadm_read_user_files --> off deny_execmem --> off deny_ptrace --> off dhcpc_exec_iptables --> off dhcpd_use_ldap --> off docker_connect_any --> off domain_fd_use --> on domain_kernel_load_modules --> off entropyd_use_audio --> on exim_can_connect_db --> off exim_manage_user_files --> off exim_read_user_files --> off fcron_crond --> off fenced_can_network_connect --> off fenced_can_ssh --> off fips_mode --> on ftpd_anon_write --> off ftpd_connect_all_unreserved --> off ftpd_connect_db --> off ftpd_full_access --> off ftpd_use_cifs --> off ftpd_use_fusefs --> off ftpd_use_nfs --> off ftpd_use_passive_mode --> off git_cgi_enable_homedirs --> off git_cgi_use_cifs --> off git_cgi_use_nfs --> off git_session_bind_all_unreserved_ports --> off git_session_users --> off git_system_enable_homedirs --> off git_system_use_cifs --> off git_system_use_nfs --> off gitosis_can_sendmail --> off glance_api_can_network --> off glance_use_execmem --> off glance_use_fusefs --> off global_ssp --> off gluster_anon_write --> off gluster_export_all_ro --> off gluster_export_all_rw --> on gpg_web_anon_write --> off gssd_read_tmp --> on guest_exec_content --> on haproxy_connect_any --> off httpd_anon_write --> off httpd_builtin_scripting --> on httpd_can_check_spam --> off httpd_can_connect_ftp --> off httpd_can_connect_ldap --> off httpd_can_connect_mythtv --> off httpd_can_connect_zabbix --> off httpd_can_network_connect --> off httpd_can_network_connect_cobbler --> off httpd_can_network_connect_db --> off httpd_can_network_memcache --> off httpd_can_network_relay --> off httpd_can_sendmail --> off httpd_dbus_avahi --> off httpd_dbus_sssd --> off httpd_dontaudit_search_dirs --> off httpd_enable_cgi --> on httpd_enable_ftp_server --> off httpd_enable_homedirs --> off httpd_execmem --> off httpd_graceful_shutdown --> on httpd_manage_ipa --> off httpd_mod_auth_ntlm_winbind --> off httpd_mod_auth_pam --> off httpd_read_user_content --> off httpd_run_ipa --> off httpd_run_preupgrade --> off httpd_run_stickshift --> off httpd_serve_cobbler_files --> off httpd_setrlimit --> off httpd_ssi_exec --> off httpd_sys_script_anon_write --> off httpd_tmp_exec --> off httpd_tty_comm --> off httpd_unified --> off httpd_use_cifs --> off httpd_use_fusefs --> off httpd_use_gpg --> off httpd_use_nfs --> off httpd_use_openstack --> off httpd_use_sasl --> off httpd_verify_dns --> off icecast_use_any_tcp_ports --> off irc_use_any_tcp_ports --> off irssi_use_full_network --> off kdumpgui_run_bootloader --> off kerberos_enabled --> on ksmtuned_use_cifs --> off ksmtuned_use_nfs --> off logadm_exec_content --> on logging_syslogd_can_sendmail --> off logging_syslogd_run_nagios_plugins --> off logging_syslogd_use_tty --> on login_console_enabled --> on logrotate_read_inside_containers --> off logrotate_use_nfs --> off logwatch_can_network_connect_mail --> off lsmd_plugin_connect_any --> off mailman_use_fusefs --> off mcelog_client --> off mcelog_exec_scripts --> on mcelog_foreground --> off mcelog_server --> off minidlna_read_generic_user_content --> off mmap_low_allowed --> off mock_enable_homedirs --> off mount_anyfile --> on mozilla_plugin_bind_unreserved_ports --> off mozilla_plugin_can_network_connect --> off mozilla_plugin_use_bluejeans --> off mozilla_plugin_use_gps --> off mozilla_plugin_use_spice --> off mozilla_read_content --> off mpd_enable_homedirs --> off mpd_use_cifs --> off mpd_use_nfs --> off mplayer_execstack --> off mysql_connect_any --> off nagios_run_pnp4nagios --> off nagios_run_sudo --> off named_tcp_bind_http_port --> off named_write_master_zones --> off neutron_can_network --> off nfs_export_all_ro --> on nfs_export_all_rw --> on nfsd_anon_write --> off nis_enabled --> off nscd_use_shm --> on openshift_use_nfs --> off openvpn_can_network_connect --> on openvpn_enable_homedirs --> on openvpn_run_unconfined --> off pcp_bind_all_unreserved_ports --> off pcp_read_generic_logs --> off piranha_lvs_can_network_connect --> off polipo_connect_all_unreserved --> off polipo_session_bind_all_unreserved_ports --> off polipo_session_users --> off polipo_use_cifs --> off polipo_use_nfs --> off polyinstantiation_enabled --> off postfix_local_write_mail_spool --> on postgresql_can_rsync --> off postgresql_selinux_transmit_client_label --> off postgresql_selinux_unconfined_dbadm --> on postgresql_selinux_users_ddl --> on pppd_can_insmod --> off pppd_for_user --> off privoxy_connect_any --> on prosody_bind_http_port --> off puppetagent_manage_all_files --> off puppetmaster_use_db --> off racoon_read_shadow --> off rpcd_use_fusefs --> off rsync_anon_write --> off rsync_client --> off rsync_export_all_ro --> off rsync_full_access --> off samba_create_home_dirs --> off samba_domain_controller --> off samba_enable_home_dirs --> off samba_export_all_ro --> off samba_export_all_rw --> off samba_load_libgfapi --> off samba_portmapper --> off samba_run_unconfined --> off samba_share_fusefs --> off samba_share_nfs --> off sanlock_use_fusefs --> off sanlock_use_nfs --> off sanlock_use_samba --> off saslauthd_read_shadow --> off secadm_exec_content --> on secure_mode --> off secure_mode_insmod --> off secure_mode_policyload --> off selinuxuser_direct_dri_enabled --> on selinuxuser_execheap --> off selinuxuser_execmod --> on selinuxuser_execstack --> on selinuxuser_mysql_connect_enabled --> off selinuxuser_ping --> on selinuxuser_postgresql_connect_enabled --> off selinuxuser_rw_noexattrfile --> on selinuxuser_share_music --> off selinuxuser_tcp_server --> off selinuxuser_udp_server --> off selinuxuser_use_ssh_chroot --> off sge_domain_can_network_connect --> off sge_use_nfs --> off smartmon_3ware --> off smbd_anon_write --> off spamassassin_can_network --> off spamd_enable_home_dirs --> on spamd_update_can_network --> off squid_connect_any --> on squid_use_tproxy --> off ssh_chroot_rw_homedirs --> off ssh_keysign --> off ssh_sysadm_login --> off staff_exec_content --> on staff_use_svirt --> off swift_can_network --> off sysadm_exec_content --> on telepathy_connect_all_ports --> off telepathy_tcp_connect_generic_network_ports --> on tftp_anon_write --> off tftp_home_dir --> off tmpreaper_use_cifs --> off tmpreaper_use_nfs --> off tmpreaper_use_samba --> off tor_bind_all_unreserved_ports --> off tor_can_network_relay --> off unconfined_chrome_sandbox_transition --> on unconfined_login --> on unconfined_mozilla_plugin_transition --> on unprivuser_use_svirt --> off use_ecryptfs_home_dirs --> off use_fusefs_home_dirs --> off use_lpd_server --> off use_nfs_home_dirs --> off use_samba_home_dirs --> off user_exec_content --> on varnishd_connect_any --> off virt_read_qemu_ga_data --> off virt_rw_qemu_ga_data --> off virt_sandbox_use_all_caps --> on virt_sandbox_use_audit --> on virt_sandbox_use_fusefs --> off virt_sandbox_use_mknod --> off virt_sandbox_use_netlink --> off virt_sandbox_use_sys_admin --> off virt_transition_userdomain --> off virt_use_comm --> off virt_use_execmem --> off virt_use_fusefs --> off virt_use_nfs --> off virt_use_rawip --> off virt_use_samba --> off virt_use_sanlock --> off virt_use_usb --> on virt_use_xserver --> off webadm_manage_user_files --> off webadm_read_user_files --> off wine_mmap_zero_ignore --> off xdm_bind_vnc_tcp_port --> off xdm_exec_bootloader --> off xdm_sysadm_login --> off xdm_write_home --> off xen_use_nfs --> off xend_run_blktap --> on xend_run_qemu --> on xguest_connect_network --> on xguest_exec_content --> on xguest_mount_media --> on xguest_use_bluetooth --> on xserver_clients_write_xshm --> off xserver_execmem --> off xserver_object_manager --> off zabbix_can_network --> off zarafa_setrlimit --> off zebra_write_config --> off zoneminder_anon_write --> off zoneminder_run_sudo --> off Diff from getsebool ==================== # diff -ruN before-upgrade after-upgrade --- before-upgrade 2016-09-26 23:54:51.603765224 -0400 +++ after-upgrade 2016-09-26 23:54:34.891341349 -0400 @@ -36,6 +36,7 @@ deny_ptrace --> off dhcpc_exec_iptables --> off dhcpd_use_ldap --> off +docker_connect_any --> off domain_fd_use --> on domain_kernel_load_modules --> off entropyd_use_audio --> on @@ -46,7 +47,6 @@ fenced_can_network_connect --> off fenced_can_ssh --> off fips_mode --> on -ftp_home_dir --> off ftpd_anon_write --> off ftpd_connect_all_unreserved --> off ftpd_connect_db --> off @@ -129,6 +129,7 @@ logging_syslogd_run_nagios_plugins --> off logging_syslogd_use_tty --> on login_console_enabled --> on +logrotate_read_inside_containers --> off logrotate_use_nfs --> off logwatch_can_network_connect_mail --> off lsmd_plugin_connect_any --> off @@ -202,9 +203,9 @@ samba_run_unconfined --> off samba_share_fusefs --> off samba_share_nfs --> off -sanlock_use_fusefs --> on -sanlock_use_nfs --> on -sanlock_use_samba --> on +sanlock_use_fusefs --> off +sanlock_use_nfs --> off +sanlock_use_samba --> off saslauthd_read_shadow --> off secadm_exec_content --> on secure_mode --> off @@ -222,16 +223,13 @@ selinuxuser_tcp_server --> off selinuxuser_udp_server --> off selinuxuser_use_ssh_chroot --> off -sftpd_anon_write --> off -sftpd_enable_homedirs --> off -sftpd_full_access --> off -sftpd_write_ssh_home --> off sge_domain_can_network_connect --> off sge_use_nfs --> off smartmon_3ware --> off smbd_anon_write --> off spamassassin_can_network --> off spamd_enable_home_dirs --> on +spamd_update_can_network --> off squid_connect_any --> on squid_use_tproxy --> off ssh_chroot_rw_homedirs --> off @@ -245,6 +243,7 @@ telepathy_tcp_connect_generic_network_ports --> on tftp_anon_write --> off tftp_home_dir --> off +tmpreaper_use_cifs --> off tmpreaper_use_nfs --> off tmpreaper_use_samba --> off tor_bind_all_unreserved_ports --> off @@ -264,19 +263,18 @@ virt_rw_qemu_ga_data --> off virt_sandbox_use_all_caps --> on virt_sandbox_use_audit --> on +virt_sandbox_use_fusefs --> off virt_sandbox_use_mknod --> off virt_sandbox_use_netlink --> off -virt_sandbox_use_nfs --> off -virt_sandbox_use_samba --> off virt_sandbox_use_sys_admin --> off virt_transition_userdomain --> off virt_use_comm --> off virt_use_execmem --> off -virt_use_fusefs --> on -virt_use_nfs --> on +virt_use_fusefs --> off +virt_use_nfs --> off virt_use_rawip --> off -virt_use_samba --> on -virt_use_sanlock --> on +virt_use_samba --> off +virt_use_sanlock --> off virt_use_usb --> on virt_use_xserver --> off webadm_manage_user_files --> off
Worth to mention that if I upgrade the rpms via yum (non squashfs) from vdsm-4.18.11-1.el7ev to vdsm-4.18.13-1.el7ev.x86_64 I didn't see any problem. The issue seems related to the boot with the new squashfs and updated vdsm. Tested executed: # installed RHVH-4.0-20160822.8-RHVH-x86_64-dvd1.iso # registered and approved in RHVM # created a local repo with vdsm-4.18.13-1.el7ev.x86_64 # yum update -y # reboot After reboot, host is up.
This is fixed in a new build of selinux-policy. Next build should pick it up.
Should be fixed in selinux-policy-3.13.1-102.el7_3.3
Test version: 1. Before update: RHVH-4.0-20160822.8-RHVH-x86_64-dvd1.iso imgbased-0.8.4-1.el7ev.noarch redhat-virtualization-host-image-update-placeholder-4.0-2.el7.noarch kernel-3.10.0-327.28.2.el7.x86_64 2. After update: redhat-virtualization-host-4.0-20161107.0 imgbased-0.8.7-0.1.el7ev.noarch redhat-virtualization-host-image-update-placeholder-4.0-5.1.el7.noarch kernel-3.10.0-514.el7.x86_64 selinux-policy-3.13.1-102.el7_3.4.noarch Test Steps: 1. Install RHVH RHVH-4.0-20160822.8-RHVH-x86_64-dvd1.iso 2. Reboot and login RHVH, add RHVH to RHVM successful 3. Login RHVH, setup local repos 4. Update RHVH to redhat-virtualization-host-4.0-20161107.0: # yum update 5. Reboot and login RHVH, check RHVH status in RHVM side Test results: 1. After step5, RHVH status is UP in RHVM side So this bug is fixed in redhat-virtualization-host-4.0-20161107.0, I will VERIFY this bug once the status changes to ON_QA
Verify this bug according #c17.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2813.html