Bug 1388317 - [z-stream clone - 4.0.5] Node upgrade doesn't keep service enable/disable configuration
Summary: [z-stream clone - 4.0.5] Node upgrade doesn't keep service enable/disable con...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-node-ng
Version: 4.0.3
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ovirt-4.0.5
: ---
Assignee: Ryan Barry
QA Contact: cshao
URL:
Whiteboard:
: 1388373 (view as bug list)
Depends On: 1380797
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-10-25 06:06 UTC by rhev-integ
Modified: 2020-02-14 18:03 UTC (History)
20 users (show)

Fixed In Version: imgbased-0.8.6-0.1.el7ev
Doc Type: If docs needed, set a value
Doc Text:
Previously, a bug may have prevented disabled services from staying disabled when upgrading RHVH. Now, disabled services correctly stay disabled on upgrades.
Clone Of: 1380797
Environment:
Last Closed: 2016-11-22 17:03:11 UTC
oVirt Team: Node
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
/var/log/*.*; /tmp/log; sosreport; (306.24 KB, application/x-gzip)
2016-11-10 03:30 UTC, cshao 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1389679 0 urgent CLOSED Fatal error occurs during anaconda interactive install via iso. 2021-02-22 00:41:40 UTC
Red Hat Knowledge Base (Solution) 2683861 0 None None None 2016-10-25 06:07:08 UTC
Red Hat Product Errata RHBA-2016:2813 0 normal SHIPPED_LIVE redhat-virtualization-host bug fix and enhancement update for RHV 4.0.5-1 2016-11-22 22:01:32 UTC
oVirt gerrit 65406 0 'None' 'MERGED' 'osupdater: sync up systemd on upgrade' 2019-12-04 23:33:15 UTC

Internal Links: 1389679

Comment 3 Fabian Deutsch 2016-10-26 09:37:31 UTC 
*** Bug 1388373 has been marked as a duplicate of this bug. ***
Comment 4 Fabian Deutsch 2016-11-01 19:31:54 UTC 
This is causing a regression: bug 1389679
Comment 6 cshao 2016-11-10 03:15:31 UTC 
(In reply to shaochen from comment #5)
> Test version:
> rhvh-4.0-0.20160919.0
> redhat-virtualization-host-4.0-20161107.0
> imgbased-0.8.7-0.1.el7ev.noarch
> 
> Test steps:
> 1. Install RHVH old version(rhvh-4.0-0.20160919.0).
> 2. Check firewalld.service status.
> 3. Upgrade to redhat-virtualization-host-4.0-20161107.0
> 4. Check firewalld.service status again.
> 5. Check port 16514.
> 
> Test result:
> 1. After step2, firewalld server is active status at startup.
> 2. After step4, firewalld server is active status at startup.
> 3. After step5. there is nothing output.
> # iptables -L | grep 16514
> #
> 
> So the bug is fixed, change bug status to VERIFIED.


Re-test this bug with 3 times upgrade scenario, and the test result as following. So please ignore #c5.


Test version:
rhvh-4.0-0.20160817.0 (1)
rhvh-4.0-0.20160919.0 (2)
rhvh-4.0-0.20161107.0 (3)
imgbased-0.8.7-0.1.el7ev.noarch
selinux-policy-3.13.1-102.el7_3.4.noarch


Test steps:
1. Install RHVH old version (1).
2. Upgrade to (2).
3. Upgrade to (3).
4. Check firewalld.service status.
5. Check port 16514.
6. Reboot and login to (2)
7. Reboot and login to (3)
8. Check firewalld.service status and 16514 port.


Test result:
1. After step4 & 5, firewalld server is active status at startup.
   port 16514 is disabled.

# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2016-11-10 10:40:10 CST; 3min 29s ago
     Docs: man:firewalld(1)
 Main PID: 2258 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─2258 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Nov 10 10:40:05 dhcp-8-194.nay.redhat.com systemd[1]: Starting firewalld - dynamic firewall daemon...
Nov 10 10:40:10 dhcp-8-194.nay.redhat.com systemd[1]: Started firewalld - dynamic firewall daemon.
#  iptables -L | grep 16514
# 


2. After step8, firewalld server is active status at startup.
   port 16514 is disabled.

# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2016-11-10 11:11:47 CST; 1min 5s ago
     Docs: man:firewalld(1)
 Main PID: 1004 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─1004 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Nov 10 11:11:46 dhcp-8-194.nay.redhat.com systemd[1]: Starting firewalld - dynamic firewall daemon...
Nov 10 11:11:47 dhcp-8-194.nay.redhat.com systemd[1]: Started firewalld - dynamic firewall daemon.
# iptables -L | grep 16514
# 

According the resolution of k-base, RHVH should allow port 16514, and disable firewalld at startup, so I have to assigned this bug.
Comment 7 cshao 2016-11-10 03:30:38 UTC 
Created attachment 1219165 [details]
/var/log/*.*; /tmp/log; sosreport;
Comment 8 Ryan Barry 2016-11-10 05:36:20 UTC 
Did you register to RHV-M? If you didn't, firewalld will not be disabled
Comment 9 Ryan Barry 2016-11-10 05:40:42 UTC 
Please try registering to RHV-M or "systemctl disable firewalld.service" before upgrading. firewalld is not handled specially -- instead we compare the list of services vs /usr/share/factory/etc/systemd/system and remove anything which is not present
Comment 10 cshao 2016-11-10 05:48:55 UTC 
I was aware of this before adding this comment, and already tested it after registering rhvm, then the bug is fixed according to this following steps:


Test version:
rhvh-4.0-0.20160817.0 (1)
rhvh-4.0-0.20160919.0 (2)
rhvh-4.0-0.20161107.0 (3)
imgbased-0.8.7-0.1.el7ev.noarch
selinux-policy-3.13.1-102.el7_3.4.noarch


Test steps:
1. Install RHVH old version (1).
2. Upgrade to (2).
3. Upgrade to (3).
4. Register to RHVM.
5. Check firewalld.service status.
6. Check port 16514.


Test result:
1. After step5 & 6, firewalld server is inactive status at startup.
   port 16514 is enabled.

# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

Nov 10 11:11:46 dhcp-8-194.nay.redhat.com systemd[1]: Starting firewalld - dynamic firewall daemon...
Nov 10 11:11:47 dhcp-8-194.nay.redhat.com systemd[1]: Started firewalld - dynamic firewall daemon.
Nov 10 12:21:02 dhcp-8-194.nay.redhat.com systemd[1]: Stopping firewalld - dynamic firewall daemon...
Nov 10 12:21:02 dhcp-8-194.nay.redhat.com systemd[1]: Stopped firewalld - dynamic firewall daemon.

#  iptables -L | grep 16514
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:16514
# 

So the bug is fixed, change but status to VERIFIED.

Thanks Ryan.
Comment 12 errata-xmlrpc 2016-11-22 17:03:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2813.html
Note You need to log in before you can comment on or make changes to this bug.