+++ This bug is a downstream clone. The original bug is: +++ +++ bug 1401359 +++ ====================================================================== Description of problem: In 3.5, /etc/ovirt-hosted-engine/answers.conf permissions are, right after install, as below: Initial Host: -rw-rw----. 1 root root 2585 Dec 5 00:08 /etc/ovirt-hosted-engine/answers.conf Additional Hosts: -rw-r--r--. 1 root root 2575 Dec 5 00:18 /etc/ovirt-hosted-engine/answers.conf When upgrading to 3.6, if the Host chosen to upgrade first (to ha 1.3.x) is the Initial one selected for the initial deployment of HE (-rw-rw----), the HE SD upgrade fails due to EACCESS to answers.conf file. Version-Release number of selected component (if applicable): Red Hat Enterprise Virtualization Hypervisor release 7.2 (20160920.1.el7ev) ovirt-hosted-engine-ha-1.3.5.8-1.el7ev.noarch How reproducible: 100% Steps to Reproduce: 1. Deploy fresh Hosted Engine on 3.5 using 20160219.0.el7ev 2. Upgrade initial HE host to 20160920.1.el7ev 3. Trigger HE SD Upgrade (Host in maintenance, restart ha-agent) Actual results: If one chooses the initial HE Host to do the upgrade, the HE SD not Upgraded, ha-agent keeps restarting. See: MainThread::INFO::2016-12-05 01:24:38,917::upgrade::1010::ovirt_hosted_engine_ha.lib.upgrade.StorageServer::(upgrade_35_36) Upgrading to current version MainThread::INFO::2016-12-05 01:24:39,004::upgrade::736::ovirt_hosted_engine_ha.lib.upgrade.StorageServer::(_stopMonitoringDomain) Stop monitoring domain MainThread::INFO::2016-12-05 01:24:39,059::upgrade::151::ovirt_hosted_engine_ha.lib.upgrade.StorageServer::(_is_conf_volume_there) Looking for conf volume MainThread::ERROR::2016-12-05 01:24:39,112::upgrade::207::ovirt_hosted_engine_ha.lib.upgrade.StorageServer::(_is_conf_volume_there) Unable to find HE conf volume MainThread::INFO::2016-12-05 01:24:39,112::upgrade::953::ovirt_hosted_engine_ha.lib.upgrade.StorageServer::(_move_to_shared_conf) _move_to_shared_conf MainThread::INFO::2016-12-05 01:24:39,112::upgrade::375::ovirt_hosted_engine_ha.lib.upgrade.StorageServer::(_get_conffile_content) Reading conf file: fhanswers.conf MainThread::ERROR::2016-12-05 01:24:39,112::upgrade::399::ovirt_hosted_engine_ha.lib.upgrade.StorageServer::(_get_conffile_content) Failed to read configuration file '/etc/ovirt-hosted-engine/answers.conf': [Errno 13] Permission denied: '/etc/ovirt-hosted-engine/answers.conf' MainThread::ERROR::2016-12-05 01:24:39,113::agent::205::ovirt_hosted_engine_ha.agent.agent.Agent::(_run_agent) Error: 'Failed to read configuration file '/etc/ovirt-hosted-engine/answers.conf': [Errno 13] Permission denied: '/etc/ovirt-hosted-engine/answers.conf'' - trying to restart agent Expected results: HE SD upgraded. Additional info: The permission issue seem to be there for some time. In previous hosted-engine-ha in 3.6 apparently used to upgrade the HE SD even when hitting this "Permission denied" error. See: https://bugzilla.redhat.com/show_bug.cgi?id=1292652#c1 Apparently we missed that error in that BZ, and now the behavior is slightly different, we restart the agent and the HE SD is NOT upgraded at the step it should. This causes troubles for 3.5 to 3.6 Upgrade. (Originally by Germano Veit Michel)
Verified on ovirt-hosted-engine-setup-2.0.4.3-3.el7ev.noarch # pwd /etc/ovirt-hosted-engine # ll total 344 -rw-r--r--. 1 root root 207 Feb 8 20:44 10-appliance.conf -rw-rw----. 1 root kvm 3427 Mar 1 11:26 answers.conf drwxr-xr-x. 2 root root 32 Mar 1 10:58 firewalld -rw-r--r--. 1 root root 1084 Mar 1 10:58 hosted-engine.conf -rw-r--r--. 1 root root 681 Mar 1 10:53 iptables.example -rw-------. 1 root root 103 Mar 1 15:49 virsh_auth.conf
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2017-0541.html