Bug 1466234 - Hosted Engine upgrade from 3.6 to 4.0 will fail if the NFS is exported with root_squash
Status: VERIFIED
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-hosted-engine-setup
Version: 4.0.7
Hardware: All
OS: Linux
Priority: high
Severity: urgent
Target Milestone: ovirt-4.2.0
Target Release: ---
Assigned To: Simone Tiraboschi
QA Contact: Nikolai Sednev
Keywords: Triaged, ZStream
Depends On:
Blocks: 1467813
 
Reported: 2017-06-29 06:18 EDT by nijin ashok
Modified: 2017-09-28 04:41 EDT

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: the upgrade tool doesn't drop root privileges while accessing the storage. Consequence: on NFS with root_squash option enabled, the tool fails to access the storage. Fix: the tool now drops root privileges while accessing the storage Result:
Story Points: ---
Clone Of:
: 1467813 (view as bug list)
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Integration
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---




External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 3099431 None None None 2017-06-29 23:34 EDT
oVirt gerrit 78852 master MERGED appliance upgrade: drop root privileges on storage 2017-07-03 09:20 EDT
oVirt gerrit 78943 ovirt-hosted-engine-setup-2.1 MERGED appliance upgrade: drop root privileges on storage 2017-07-03 09:58 EDT
oVirt gerrit 79032 None None None 2017-07-05 09:15 EDT
oVirt gerrit 79037 ovirt-hosted-engine-setup-2.1 MERGED Revert "Revert "appliance upgrade: drop root privileges on storage"" 2017-07-05 09:22 EDT

Description nijin ashok 2017-06-29 06:18:28 EDT
Description of problem:

If the NFS storage for hosted engine is exported with root_squash, the hosted-engine --upgrade-appliance will fail when injecting the backup file to the image. The root_squash is the default setting for almost all NAS storage and even RHEL NFS server.

The upgrade will fail when it injects the backup file to the HE image using guestfish.


2017-06-29 14:59:28 DEBUG otopi.context context._executeMethod:142 method exception
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/otopi/context.py", line 132, in _executeMethod
    method['method']()
  File "/usr/share/ovirt-hosted-engine-setup/scripts/../plugins/gr-he-common/vm/boot_disk.py", line 716, in _misc
    ohostedcons.Upgrade.BACKUP_FILE
  File "/usr/lib/python2.7/site-packages/otopi/transaction.py", line 156, in __exit__
    self.commit()
  File "/usr/lib/python2.7/site-packages/otopi/transaction.py", line 148, in commit
    element.commit()
  File "/usr/share/ovirt-hosted-engine-setup/scripts/../plugins/gr-he-common/vm/boot_disk.py", line 219, in commit
    self._injectBackup()
  File "/usr/share/ovirt-hosted-engine-setup/scripts/../plugins/gr-he-common/vm/boot_disk.py", line 154, in _injectBackup
    g.add_drive_opts(filename=destination, format='raw', readonly=0)
  File "/usr/lib64/python2.7/site-packages/guestfs.py", line 559, in add_drive
    r = libguestfsmod.add_drive (self._o, filename, readonly, format, iface, name, label, protocol, server, username, secret, cachemode, discard, copyonread)
RuntimeError: /rhev/data-center/mnt/10.65.209.210:_data_nfs/c65acd3e-2ed8-46b6-8be9-a6d472c35441/images/1554afb0-1b74-497b-9d23-de7eed355595/c29d4ad0-ccf7-4863-a504-0bef62e6988c: Permission denied


We are using LIBGUESTFS_BACKEND as direct which means the guestfish will be executed as root user as hosted-engine-setup will be executed with root.

        g = guestfs.GuestFS(python_return_dict=True)
        g.set_backend('direct')
        g.add_drive_opts(filename=destination, format='raw', readonly=0)



Manually executing with root

===
export LIBGUESTFS_BACKEND=direct
guestfish -a  /rhev/data-center/mnt/10.65.209.210:_data_nfs/c65acd3e-2ed8-46b6-8be9-a6d472c35441/images/1554afb0-1b74-497b-9d23-de7eed355595/c29d4ad0-ccf7-4863-a504-0bef62e6988c
/rhev/data-center/mnt/10.65.209.210:_data_nfs/c65acd3e-2ed8-46b6-8be9-a6d472c35441/images/1554afb0-1b74-497b-9d23-de7eed355595/c29d4ad0-ccf7-4863-a504-0bef62e6988c: Permission denied
===

With vdsm user

===
su vdsm -s /bin/bash -c 'guestfish -a  /rhev/data-center/mnt/10.65.209.210:_data_nfs/c65acd3e-2ed8-46b6-8be9-a6d472c35441/images/1554afb0-1b74-497b-9d23-de7eed355595/c29d4ad0-ccf7-4863-a504-0bef62e6988c'

Welcome to guestfish, the guest filesystem shell for
editing virtual machine filesystems and disk images.

Type: 'help' for help on commands
      'man' to read the manual
      'quit' to quit the shell

><fs> 


====



Version-Release number of selected component (if applicable):

ovirt-hosted-engine-setup-2.0.4.3-3.el7ev.noarch

How reproducible:

100%

Steps to Reproduce:
1. Create an NFS share with root_squash and use it for HE deployment.
2. Upgrade using hosted-engine --upgrade-appliance

Actual results:

hosted-engine --upgrade-appliance is not working.

Expected results:

hosted-engine --upgrade-appliance should work fine with an NFS exported with root_squash, as this is the default setting for many NAS servers.

Additional info:
Comment 9 Nikolai Sednev 2017-09-01 07:22:32 EDT
Forth to https://bugzilla.redhat.com/show_bug.cgi?id=1467813#c24, moving to verified.
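
The Doc Text above gives the fix as dropping root privileges while accessing the storage. The following is an added example, not the merged gerrit change and not code from ovirt-hosted-engine-setup: it opens a file from a forked child that has permanently switched to a given uid:gid, and compares the result for the caller and for the file's owner. The names open_errno_as and squash_check are hypothetical.

```python
import errno
import os
import struct

_INT = struct.calcsize("i")


def open_errno_as(path, uid, gid, flags=os.O_RDWR):
    """Open path in a forked child running as uid:gid; return 0 or the errno."""
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: the only process that changes identity
        code = errno.EIO
        try:
            os.close(rfd)
            if (os.geteuid(), os.getegid()) != (uid, gid):
                # Groups and gid first, uid last: once the uid is dropped
                # the process is no longer allowed to change its groups.
                os.setgroups([])
                os.setgid(gid)
                os.setuid(uid)
                if uid != 0 and os.getresuid() != (uid, uid, uid):
                    raise OSError(errno.EPERM, "privilege drop incomplete")
            os.close(os.open(path, flags))
            code = 0
        except OSError as exc:
            code = exc.errno or errno.EIO
        finally:
            os.write(wfd, struct.pack("i", code))
            os._exit(0)
    os.close(wfd)
    data = os.read(rfd, _INT)
    os.close(rfd)
    os.waitpid(pid, 0)
    if len(data) != _INT:
        raise RuntimeError("child exited without reporting a result")
    return struct.unpack("i", data)[0]


def squash_check(path):
    """Compare opening path as the caller and as the file's owner.

    On a root_squash export, root as caller gets EACCES (13), while the
    owner (assumed here to be the vdsm user, as in the report) gets 0.
    """
    st = os.stat(path)
    return {"caller": open_errno_as(path, os.geteuid(), os.getegid()),
            "owner": open_errno_as(path, st.st_uid, st.st_gid)}
```

A result of {"caller": 13, "owner": 0} when run as root against an image path matches the behaviour shown in the report: root is squashed on the export, the unprivileged owner is not.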
