Bug 1466234 - Hosted Engine upgrade from 3.6 to 4.0 will fail if the NFS is exported with root_squash
Summary: Hosted Engine upgrade from 3.6 to 4.0 will fail if the NFS is exported with r...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-hosted-engine-setup
Version: 4.0.7
Hardware: All
OS: Linux
high
urgent
Target Milestone: ovirt-4.2.0
: ---
Assignee: Simone Tiraboschi
QA Contact: Nikolai Sednev
URL:
Whiteboard:
Depends On:
Blocks: 1458709 1467813
TreeView+ depends on / blocked
 
Reported: 2017-06-29 10:18 UTC by nijin ashok
Modified: 2020-09-10 10:48 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
The Hosted Engine upgrade tool now drops root privileges when accessing storage, preventing a failure in cases where the root_squash option is enabled.
Clone Of:
: 1467813 (view as bug list)
Environment:
Last Closed: 2018-05-15 17:32:21 UTC
oVirt Team: Integration
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 3099431 0 None None None 2017-06-30 03:34:34 UTC
Red Hat Product Errata RHBA-2018:1471 0 None None None 2018-05-15 17:34:05 UTC
oVirt gerrit 78852 0 master MERGED appliance upgrade: drop root privileges on storage 2017-07-03 13:20:04 UTC
oVirt gerrit 78943 0 ovirt-hosted-engine-setup-2.1 MERGED appliance upgrade: drop root privileges on storage 2017-07-03 13:58:39 UTC
oVirt gerrit 79032 0 None None None 2017-07-05 13:15:22 UTC
oVirt gerrit 79037 0 ovirt-hosted-engine-setup-2.1 MERGED Revert "Revert "appliance upgrade: drop root privileges on storage"" 2017-07-05 13:22:08 UTC

Description nijin ashok 2017-06-29 10:18:28 UTC 
Description of problem:

If the NFS storage for hosted engine is exported with root_squash , the hosted-engine --upgrade-appliance will fail when injecting the backup file to the image. The root_squash is the default settings for almost all NAS storage and even RHEL NFS server. 

The upgrade will fail when it inject the backup file to the HE image using guestfish. 


2017-06-29 14:59:28 DEBUG otopi.context context._executeMethod:142 method exception
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/otopi/context.py", line 132, in _executeMethod
    method['method']()
  File "/usr/share/ovirt-hosted-engine-setup/scripts/../plugins/gr-he-common/vm/boot_disk.py", line 716, in _misc
    ohostedcons.Upgrade.BACKUP_FILE
  File "/usr/lib/python2.7/site-packages/otopi/transaction.py", line 156, in __exit__
    self.commit()
  File "/usr/lib/python2.7/site-packages/otopi/transaction.py", line 148, in commit
    element.commit()
  File "/usr/share/ovirt-hosted-engine-setup/scripts/../plugins/gr-he-common/vm/boot_disk.py", line 219, in commit
    self._injectBackup()
  File "/usr/share/ovirt-hosted-engine-setup/scripts/../plugins/gr-he-common/vm/boot_disk.py", line 154, in _injectBackup
    g.add_drive_opts(filename=destination, format='raw', readonly=0)
  File "/usr/lib64/python2.7/site-packages/guestfs.py", line 559, in add_drive
    r = libguestfsmod.add_drive (self._o, filename, readonly, format, iface, name, label, protocol, server, username, secret, cachemode, discard, copyonread)
RuntimeError: /rhev/data-center/mnt/10.65.209.210:_data_nfs/c65acd3e-2ed8-46b6-8be9-a6d472c35441/images/1554afb0-1b74-497b-9d23-de7eed355595/c29d4ad0-ccf7-4863-a504-0bef62e6988c: Permission denied


We are using LIBGUESTFS_BACKEND as direct which means the guestfish will be executed as root user as hosted-engine-setup will be executed with root.

        g = guestfs.GuestFS(python_return_dict=True)
        g.set_backend('direct')
        g.add_drive_opts(filename=destination, format='raw', readonly=0)



Manually executing with root

===
export LIBGUESTFS_BACKEND=direct
guestfish -a  /rhev/data-center/mnt/10.65.209.210:_data_nfs/c65acd3e-2ed8-46b6-8be9-a6d472c35441/images/1554afb0-1b74-497b-9d23-de7eed355595/c29d4ad0-ccf7-4863-a504-0bef62e6988c
/rhev/data-center/mnt/10.65.209.210:_data_nfs/c65acd3e-2ed8-46b6-8be9-a6d472c35441/images/1554afb0-1b74-497b-9d23-de7eed355595/c29d4ad0-ccf7-4863-a504-0bef62e6988c: Permission denied
===

With vdsm user

===
su vdsm -s /bin/bash -c 'guestfish -a  /rhev/data-center/mnt/10.65.209.210:_data_nfs/c65acd3e-2ed8-46b6-8be9-a6d472c35441/images/1554afb0-1b74-497b-9d23-de7eed355595/c29d4ad0-ccf7-4863-a504-0bef62e6988c'

Welcome to guestfish, the guest filesystem shell for
editing virtual machine filesystems and disk images.

Type: 'help' for help on commands
      'man' to read the manual
      'quit' to quit the shell

><fs> 


Welcome to guestfish, the guest filesystem shell for
editing virtual machine filesystems and disk images.

Type: 'help' for help on commands
      'man' to read the manual
      'quit' to quit the shell

><fs>
====



Version-Release number of selected component (if applicable):

ovirt-hosted-engine-setup-2.0.4.3-3.el7ev.noarch

How reproducible:

100%

Steps to Reproduce:
1. Create a NFS share with root_squash and use it for HE deployment .
2. Upgrade using hosted-engine --upgrade-appliance

Actual results:

hosted-engine --upgrade-appliance is not working.

Expected results:

hosted-engine --upgrade-appliance  should work fine with a NFS exported with root_squash as this is default setting for many NAS servers.

Additional info:
Comment 9 Nikolai Sednev 2017-09-01 11:22:32 UTC 
Forth to https://bugzilla.redhat.com/show_bug.cgi?id=1467813#c24, moving to verified.
Comment 12 errata-xmlrpc 2018-05-15 17:32:21 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1471
Comment 13 Franta Kust 2019-05-16 13:08:15 UTC 
BZ<2>Jira Resync
Note You need to log in before you can comment on or make changes to this bug.