Description of problem: Once RHV-H is upgraded from 4.1.2 async to 4.1.3 i see that Hosted Engine Ha score goes to 1800 and this is due to the reason that ha broker process does not have permissions to run ping command. After executing the following command on the host Hosted Engine score became 3400. # chmod 4755 ll /usr/bin/ping Version-Release number of selected component (if applicable): imgbase w 2017-08-04 16:14:28,315 [INFO] You are on rhvh-4.1-0.20170706.0+1 [root@rhsqa-grafton4 ~]# cat /etc/os-release NAME="Red Hat Enterprise Linux" VERSION="7.3" VERSION_ID="7.3" ID="rhel" ID_LIKE="fedora" VARIANT="Red Hat Virtualization Host" VARIANT_ID="ovirt-node" PRETTY_NAME="Red Hat Virtualization Host 4.1 (el7.3)" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:redhat:enterprise_linux:7.3:GA:hypervisor" HOME_URL="https://www.redhat.com/" BUG_REPORT_URL="https://bugzilla.redhat.com/" # FIXME REDHAT_BUGZILLA_PRODUCT="Red Hat Virtualization" REDHAT_BUGZILLA_PRODUCT_VERSION=7.3 REDHAT_SUPPORT_PRODUCT="Red Hat Virtualization" REDHAT_SUPPORT_PRODUCT_VERSION=7.3 How reproducible: Always Steps to Reproduce: 1. Install RHHI using RHV-H 4.1.2 async ISO 2. Now upgrade RHV-H ISO to 4.1.3. 3. Actual results: Hosted Engine HA score changes to 1800 due to the fact the ha broker is not able to run ping command. Expected results: Hosted engine HA score should be 3400 and /usr/bin/ping should have proper permissions. Additional info:
Target release should be placed once a package build is known to fix a issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for a oVirt release.
I can reproduce. Test version: iputils-20160308-8.el7.x86_64 imgbased-0.9.33-0.1.el7ev.noarch 4.1.2 async version: rhvh-4.1-0.20170616.0 +- rhvh-4.1-0.20170616.0+1 4.1.3 version: rhvh-4.1-0.20170706.0 +- rhvh-4.1-0.20170706.0+1 Test steps: 1. Install 4.1.2 async rhvh(0616). 2. Deploy HostedEngine 3. Add the additional two hosts to the cluster 4. Migrate HE-VM , upgrade rhvh to 4.1.3 version(0706) 5. Check HE status, agent.log Actual results: 1. The metadata score changed to 1800 which is set 3400 before upgrade. --== Host 1 status ==-- conf_on_shared_storage : True Status up-to-date : True Hostname : dhcp-66-150-175.nay.redhat.com Host ID : 1 Engine status : {"reason": "vm not running on this host", "health": "bad", "vm": "down", "detail": "unknown"} Score : 1800 stopped : False Local maintenance : False crc32 : 7454d657 local_conf_timestamp : 3292 Host timestamp : 3277 Extra metadata (valid at timestamp): metadata_parse_version=1 metadata_feature_version=1 timestamp=3277 (Mon Aug 7 11:28:11 2017) host-id=1 score=1800 vm_conf_refresh_time=3292 (Mon Aug 7 11:28:26 2017) conf_on_shared_storage=True maintenance=False state=EngineDown stopped=False 2. /usr/bin/ping got corrupted: [root@dell-per730-35 ~]# getcap /usr/bin/ping [root@dell-per730-35 ~]# Additional info: 1. Reinstall the package "iputils" can solve the problem. [root@dell-per730-35 opt]# rpm -e iputils-20160308-8.el7.x86_64 --nodeps [root@dell-per730-35 opt]# ls iputils-20160308-8.el7.x86_64.rpm [root@dell-per730-35 opt]# rpm -ivh iputils-20160308-8.el7.x86_64.rpm Preparing... ################################# [100%] Updating / installing... 1:iputils-20160308-8.el7 ################################# [100%] [root@dell-per730-35 opt]# getcap /usr/bin/ping /usr/bin/ping = cap_net_admin,cap_net_raw+p
Test version: rhvh-4.1-0.20170808.0+1 imgbased-0.9.41-0.1.el7ev.noarch ovirt-imageio-common-1.0.0-0.el7ev.noarch cockpit-ovirt-dashboard-0.10.7-0.0.21.el7ev.noarch python-ovirt-engine-sdk4-4.1.5-1.el7ev.x86_64 ovirt-setup-lib-1.1.3-1.el7ev.noarch ovirt-vmconsole-1.0.4-1.el7ev.noarch ovirt-vmconsole-host-1.0.4-1.el7ev.noarch ovirt-node-ng-nodectl-4.1.4-0.20170726.0.el7.noarch ovirt-imageio-daemon-1.0.0-0.el7ev.noarch ovirt-hosted-engine-setup-2.1.3.5-1.el7ev.noarch ovirt-engine-sdk-python-3.6.9.1-1.el7ev.noarch ovirt-hosted-engine-ha-2.1.4-1.el7ev.noarch ovirt-host-deploy-1.6.6-1.el7ev.noarch Test steps: 1. Install RHVH(rhvh-4.0-0.20170307.0) 2. Upgrade to the latest RHVH(rhvh-4.1-0.20170808.0+1) 3. Check the ping function( getcap /usr/bin/ping) Result: After step3, capabilities of /usr/bin/ping don't got corrupted and work well. [root@hp-dl385pg8-14 ~]# getcap /usr/bin/ping /usr/bin/ping = cap_net_admin,cap_net_raw+p So, change the bug's status to VERIFIED.