Bug 1466234 - Hosted Engine upgrade from 3.6 to 4.0 will fail if the NFS is exported with root_squash
Hosted Engine upgrade from 3.6 to 4.0 will fail if the NFS is exported with r...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-hosted-engine-setup (Show other bugs)
4.0.7
All Linux
high Severity urgent
: ovirt-4.2.0
: ---
Assigned To: Simone Tiraboschi
Nikolai Sednev
: Triaged, ZStream
Depends On:
Blocks: 1458709 1467813
  Show dependency treegraph
 
Reported: 2017-06-29 06:18 EDT by nijin ashok
Modified: 2018-05-15 13:34 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
The Hosted Engine upgrade tool now drops root privileges when accessing storage, preventing a failure in cases where the root_squash option is enabled.
Story Points: ---
Clone Of:
: 1467813 (view as bug list)
Environment:
Last Closed: 2018-05-15 13:32:21 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Integration
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 3099431 None None None 2017-06-29 23:34 EDT
oVirt gerrit 78852 master MERGED appliance upgrade: drop root privileges on storage 2017-07-03 09:20 EDT
oVirt gerrit 78943 ovirt-hosted-engine-setup-2.1 MERGED appliance upgrade: drop root privileges on storage 2017-07-03 09:58 EDT
oVirt gerrit 79032 None None None 2017-07-05 09:15 EDT
oVirt gerrit 79037 ovirt-hosted-engine-setup-2.1 MERGED Revert "Revert "appliance upgrade: drop root privileges on storage"" 2017-07-05 09:22 EDT
Red Hat Product Errata RHBA-2018:1471 None None None 2018-05-15 13:34 EDT

  None (edit)
Description nijin ashok 2017-06-29 06:18:28 EDT
Description of problem:

If the NFS storage for hosted engine is exported with root_squash , the hosted-engine --upgrade-appliance will fail when injecting the backup file to the image. The root_squash is the default settings for almost all NAS storage and even RHEL NFS server. 

The upgrade will fail when it inject the backup file to the HE image using guestfish. 


2017-06-29 14:59:28 DEBUG otopi.context context._executeMethod:142 method exception
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/otopi/context.py", line 132, in _executeMethod
    method['method']()
  File "/usr/share/ovirt-hosted-engine-setup/scripts/../plugins/gr-he-common/vm/boot_disk.py", line 716, in _misc
    ohostedcons.Upgrade.BACKUP_FILE
  File "/usr/lib/python2.7/site-packages/otopi/transaction.py", line 156, in __exit__
    self.commit()
  File "/usr/lib/python2.7/site-packages/otopi/transaction.py", line 148, in commit
    element.commit()
  File "/usr/share/ovirt-hosted-engine-setup/scripts/../plugins/gr-he-common/vm/boot_disk.py", line 219, in commit
    self._injectBackup()
  File "/usr/share/ovirt-hosted-engine-setup/scripts/../plugins/gr-he-common/vm/boot_disk.py", line 154, in _injectBackup
    g.add_drive_opts(filename=destination, format='raw', readonly=0)
  File "/usr/lib64/python2.7/site-packages/guestfs.py", line 559, in add_drive
    r = libguestfsmod.add_drive (self._o, filename, readonly, format, iface, name, label, protocol, server, username, secret, cachemode, discard, copyonread)
RuntimeError: /rhev/data-center/mnt/10.65.209.210:_data_nfs/c65acd3e-2ed8-46b6-8be9-a6d472c35441/images/1554afb0-1b74-497b-9d23-de7eed355595/c29d4ad0-ccf7-4863-a504-0bef62e6988c: Permission denied


We are using LIBGUESTFS_BACKEND as direct which means the guestfish will be executed as root user as hosted-engine-setup will be executed with root.

        g = guestfs.GuestFS(python_return_dict=True)
        g.set_backend('direct')
        g.add_drive_opts(filename=destination, format='raw', readonly=0)



Manually executing with root

===
export LIBGUESTFS_BACKEND=direct
guestfish -a  /rhev/data-center/mnt/10.65.209.210:_data_nfs/c65acd3e-2ed8-46b6-8be9-a6d472c35441/images/1554afb0-1b74-497b-9d23-de7eed355595/c29d4ad0-ccf7-4863-a504-0bef62e6988c
/rhev/data-center/mnt/10.65.209.210:_data_nfs/c65acd3e-2ed8-46b6-8be9-a6d472c35441/images/1554afb0-1b74-497b-9d23-de7eed355595/c29d4ad0-ccf7-4863-a504-0bef62e6988c: Permission denied
===

With vdsm user

===
su vdsm -s /bin/bash -c 'guestfish -a  /rhev/data-center/mnt/10.65.209.210:_data_nfs/c65acd3e-2ed8-46b6-8be9-a6d472c35441/images/1554afb0-1b74-497b-9d23-de7eed355595/c29d4ad0-ccf7-4863-a504-0bef62e6988c'

Welcome to guestfish, the guest filesystem shell for
editing virtual machine filesystems and disk images.

Type: 'help' for help on commands
      'man' to read the manual
      'quit' to quit the shell

><fs> 


Welcome to guestfish, the guest filesystem shell for
editing virtual machine filesystems and disk images.

Type: 'help' for help on commands
      'man' to read the manual
      'quit' to quit the shell

><fs>
====



Version-Release number of selected component (if applicable):

ovirt-hosted-engine-setup-2.0.4.3-3.el7ev.noarch

How reproducible:

100%

Steps to Reproduce:
1. Create a NFS share with root_squash and use it for HE deployment .
2. Upgrade using hosted-engine --upgrade-appliance

Actual results:

hosted-engine --upgrade-appliance is not working.

Expected results:

hosted-engine --upgrade-appliance  should work fine with a NFS exported with root_squash as this is default setting for many NAS servers.

Additional info:
Comment 9 Nikolai Sednev 2017-09-01 07:22:32 EDT
Forth to https://bugzilla.redhat.com/show_bug.cgi?id=1467813#c24, moving to verified.
Comment 12 errata-xmlrpc 2018-05-15 13:32:21 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1471

Note You need to log in before you can comment on or make changes to this bug.