Bug 1478339 - capabilities of /usr/bin/ping got corrupted after upgrade from 4.1.2 async to 4.1.3
capabilities of /usr/bin/ping got corrupted after upgrade from 4.1.2 async to...
Status: CLOSED CURRENTRELEASE
Product: ovirt-node
Classification: oVirt
Component: Installation & Update (Show other bugs)
4.1
Unspecified Unspecified
unspecified Severity high (vote)
: ovirt-4.1.4-1
: 4.1
Assigned To: Ryan Barry
Yihui Zhao
:
Depends On:
Blocks: Gluster-HC-3
  Show dependency treegraph
 
Reported: 2017-08-04 07:10 EDT by RamaKasturi
Modified: 2017-08-23 04:01 EDT (History)
10 users (show)

See Also:
Fixed In Version: imgbased-0.9.41-0.1.el7ev
Doc Type: Bug Fix
Doc Text:
Cause: In order to make upgrades faster, RHV-H changed from using rsync to tar when syncing the new layer. Consequence: Though --xattrs was used, the suid bit was not synced on updating. Fix: RHV-H now syncs all extended attributes. Result: All extended attributes are properly set.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-23 04:01:24 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Node
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
rule-engine: ovirt‑4.1?
ycui: testing_plan_complete?
knarra: planning_ack?
rbarry: devel_ack+
cshao: testing_ack+


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
oVirt gerrit 80158 master MERGED utils: modified tar arguments 2017-08-04 09:42 EDT
oVirt gerrit 80197 ovirt-4.1 MERGED utils: modified tar arguments 2017-08-04 09:43 EDT

  None (edit)
Description RamaKasturi 2017-08-04 07:10:26 EDT
Description of problem:
Once RHV-H is upgraded from 4.1.2 async to 4.1.3 i see that Hosted Engine Ha score goes to 1800 and this is due to the reason that ha broker process does not have permissions to run ping command.

After executing the following command on the host Hosted Engine score became 3400.

# chmod 4755 ll /usr/bin/ping

Version-Release number of selected component (if applicable):
imgbase w
2017-08-04 16:14:28,315 [INFO] You are on rhvh-4.1-0.20170706.0+1

[root@rhsqa-grafton4 ~]# cat /etc/os-release 
NAME="Red Hat Enterprise Linux"
VERSION="7.3"
VERSION_ID="7.3"
ID="rhel"
ID_LIKE="fedora"
VARIANT="Red Hat Virtualization Host"
VARIANT_ID="ovirt-node"
PRETTY_NAME="Red Hat Virtualization Host 4.1 (el7.3)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:7.3:GA:hypervisor"
HOME_URL="https://www.redhat.com/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

# FIXME
REDHAT_BUGZILLA_PRODUCT="Red Hat Virtualization"
REDHAT_BUGZILLA_PRODUCT_VERSION=7.3
REDHAT_SUPPORT_PRODUCT="Red Hat Virtualization"
REDHAT_SUPPORT_PRODUCT_VERSION=7.3


How reproducible:
Always

Steps to Reproduce:
1. Install RHHI using RHV-H 4.1.2 async ISO
2. Now upgrade RHV-H ISO to 4.1.3.
3.

Actual results:
Hosted Engine HA score changes to 1800 due to the fact the ha broker is not able to run ping command.

Expected results:
Hosted engine HA score should be 3400 and /usr/bin/ping should have proper permissions.

Additional info:
Comment 1 Red Hat Bugzilla Rules Engine 2017-08-04 09:37:57 EDT
Target release should be placed once a package build is known to fix a issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for a oVirt release.
Comment 2 Yihui Zhao 2017-08-06 23:33:13 EDT
I can reproduce.

Test version:
iputils-20160308-8.el7.x86_64
imgbased-0.9.33-0.1.el7ev.noarch
4.1.2 async version:
rhvh-4.1-0.20170616.0
 +- rhvh-4.1-0.20170616.0+1
4.1.3 version:
rhvh-4.1-0.20170706.0
 +- rhvh-4.1-0.20170706.0+1

Test steps:
1. Install 4.1.2 async rhvh(0616).
2. Deploy HostedEngine
3. Add the additional two hosts to the cluster
4. Migrate HE-VM , upgrade rhvh to 4.1.3 version(0706)
5. Check HE status, agent.log

Actual results:
1. The metadata score changed to 1800 which is set 3400 before upgrade.
--== Host 1 status ==--

conf_on_shared_storage             : True
Status up-to-date                  : True
Hostname                           : dhcp-66-150-175.nay.redhat.com
Host ID                            : 1
Engine status                      : {"reason": "vm not running on this host", "health": "bad", "vm": "down", "detail": "unknown"}
Score                              : 1800
stopped                            : False
Local maintenance                  : False
crc32                              : 7454d657
local_conf_timestamp               : 3292
Host timestamp                     : 3277
Extra metadata (valid at timestamp):
	metadata_parse_version=1
	metadata_feature_version=1
	timestamp=3277 (Mon Aug  7 11:28:11 2017)
	host-id=1
	score=1800
	vm_conf_refresh_time=3292 (Mon Aug  7 11:28:26 2017)
	conf_on_shared_storage=True
	maintenance=False
	state=EngineDown
	stopped=False

2. /usr/bin/ping got corrupted:
[root@dell-per730-35 ~]# getcap /usr/bin/ping
[root@dell-per730-35 ~]# 


Additional info:
1. Reinstall the package "iputils" can solve the problem.
[root@dell-per730-35 opt]# rpm -e iputils-20160308-8.el7.x86_64 --nodeps
[root@dell-per730-35 opt]# ls
iputils-20160308-8.el7.x86_64.rpm
[root@dell-per730-35 opt]# rpm -ivh iputils-20160308-8.el7.x86_64.rpm 
Preparing...                          ################################# [100%]
Updating / installing...
   1:iputils-20160308-8.el7           ################################# [100%]
[root@dell-per730-35 opt]# getcap /usr/bin/ping
/usr/bin/ping = cap_net_admin,cap_net_raw+p
Comment 3 Yihui Zhao 2017-08-08 23:06:48 EDT
Test version:
rhvh-4.1-0.20170808.0+1
imgbased-0.9.41-0.1.el7ev.noarch
ovirt-imageio-common-1.0.0-0.el7ev.noarch
cockpit-ovirt-dashboard-0.10.7-0.0.21.el7ev.noarch
python-ovirt-engine-sdk4-4.1.5-1.el7ev.x86_64
ovirt-setup-lib-1.1.3-1.el7ev.noarch
ovirt-vmconsole-1.0.4-1.el7ev.noarch
ovirt-vmconsole-host-1.0.4-1.el7ev.noarch
ovirt-node-ng-nodectl-4.1.4-0.20170726.0.el7.noarch
ovirt-imageio-daemon-1.0.0-0.el7ev.noarch
ovirt-hosted-engine-setup-2.1.3.5-1.el7ev.noarch
ovirt-engine-sdk-python-3.6.9.1-1.el7ev.noarch
ovirt-hosted-engine-ha-2.1.4-1.el7ev.noarch
ovirt-host-deploy-1.6.6-1.el7ev.noarch

Test steps:
1. Install RHVH(rhvh-4.0-0.20170307.0)
2. Upgrade to the latest RHVH(rhvh-4.1-0.20170808.0+1)
3. Check the ping function( getcap /usr/bin/ping)

Result:
After step3, capabilities of /usr/bin/ping don't got corrupted and work well.
[root@hp-dl385pg8-14 ~]# getcap /usr/bin/ping
/usr/bin/ping = cap_net_admin,cap_net_raw+p


So, change the bug's status to VERIFIED.

Note You need to log in before you can comment on or make changes to this bug.