Bug 1519784 - oVirt Node upgrade fails if SELINUX is disabled
Summary: oVirt Node upgrade fails if SELINUX is disabled
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-node
Classification: oVirt
Component: Installation & Update
Version: 4.1
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ovirt-4.2.1
: ---
Assignee: Yuval Turgeman
QA Contact: Huijuan Zhao
URL:
Whiteboard:
Depends On:
Blocks: 1542833
TreeView+ depends on / blocked
 
Reported: 2017-12-01 13:03 UTC by Kilian Ries
Modified: 2020-11-14 04:46 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
: 1542833 (view as bug list)
Environment:
Last Closed: 2018-02-12 11:46:56 UTC
oVirt Team: Node
Embargoed:
rule-engine: ovirt-4.2+
huzhao: testing_ack+

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
oVirt gerrit 84957 0 'None' MERGED Avoid running semanage when selinux is disabled 2020-09-23 11:07:57 UTC
oVirt gerrit 85604 0 'None' MERGED Avoid running semanage when selinux is disabled 2020-09-23 11:07:57 UTC

Description Kilian Ries 2017-12-01 13:03:50 UTC 
Description of problem:

If SELINUX is disabled, upgrade of node fails.

Version-Release number of selected component (if applicable):

4.1.1.1

How reproducible:

Always

Steps to Reproduce:
1. Install oVirt Node
2. Disable SELINUX
3. Try to upgrade oVirt Node

Actual results:

Upgrade fails

###

2017-11-28 17:25:28,372 [DEBUG] (MainThread) Returned: 
2017-11-28 17:25:28,434 [DEBUG] (MainThread) Creating /home as {'attach': True, 'size': '1G'}
2017-11-28 17:25:28,434 [DEBUG] (MainThread) Calling binary: (['vgs', '--noheadings', '@imgbased:volume', '-o', 'lv_full_name'],) {'stderr': <open file '/dev/null', mode 'w' at 0x7fa2d1ad8ed0>}
2017-11-28 17:25:28,434 [DEBUG] (MainThread) Calling: (['vgs', '--noheadings', '@imgbased:volume', '-o', 'lv_full_name'],) {'close_fds': True, 'stderr': <open file '/dev/null', mode 'w' at 0x7fa2d1ad8ed0>}
2017-11-28 17:25:28,533 [DEBUG] (MainThread) Returned: onn/home         
  onn/tmp          
  onn/var_log      
  onn/var_log_audit
2017-11-28 17:25:28,533 [DEBUG] (MainThread) Calling binary: (['umount', '-l', '/etc'],) {}
2017-11-28 17:25:28,534 [DEBUG] (MainThread) Calling: (['umount', '-l', '/etc'],) {'close_fds': True, 'stderr': -2}
2017-11-28 17:25:28,539 [DEBUG] (MainThread) Returned: 
2017-11-28 17:25:28,540 [DEBUG] (MainThread) Calling binary: (['umount', '-l', u'/tmp/mnt.tuHU8'],) {}
2017-11-28 17:25:28,540 [DEBUG] (MainThread) Calling: (['umount', '-l', u'/tmp/mnt.tuHU8'],) {'close_fds': True, 'stderr': -2}
2017-11-28 17:25:28,635 [DEBUG] (MainThread) Returned: 
2017-11-28 17:25:28,635 [DEBUG] (MainThread) Calling binary: (['rmdir', u'/tmp/mnt.tuHU8'],) {}
2017-11-28 17:25:28,635 [DEBUG] (MainThread) Calling: (['rmdir', u'/tmp/mnt.tuHU8'],) {'close_fds': True, 'stderr': -2}
2017-11-28 17:25:28,640 [DEBUG] (MainThread) Returned: 
2017-11-28 17:25:28,641 [ERROR] (MainThread) Failed to migrate etc
Traceback (most recent call last):
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/plugins/osupdater.py", line 109, in on_new_layer
    check_nist_layout(imgbase, new_lv)
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/plugins/osupdater.py", line 179, in check_nist_layout
    v.create(t, paths[t]["size"], paths[t]["attach"])
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/volume.py", line 48, in create
    "Path is already a volume: %s" % where
AssertionError: Path is already a volume: /home
2017-11-28 17:25:28,642 [DEBUG] (MainThread) Calling binary: (['umount', '-l', u'/tmp/mnt.bEW2k'],) {}
2017-11-28 17:25:28,642 [DEBUG] (MainThread) Calling: (['umount', '-l', u'/tmp/mnt.bEW2k'],) {'close_fds': True, 'stderr': -2}
2017-11-28 17:25:29,061 [DEBUG] (MainThread) Returned: 
2017-11-28 17:25:29,061 [DEBUG] (MainThread) Calling binary: (['rmdir', u'/tmp/mnt.bEW2k'],) {}
2017-11-28 17:25:29,061 [DEBUG] (MainThread) Calling: (['rmdir', u'/tmp/mnt.bEW2k'],) {'close_fds': True, 'stderr': -2}
2017-11-28 17:25:29,067 [DEBUG] (MainThread) Returned: 
2017-11-28 17:25:29,067 [DEBUG] (MainThread) Calling binary: (['umount', '-l', u'/tmp/mnt.UB5Yg'],) {}
2017-11-28 17:25:29,067 [DEBUG] (MainThread) Calling: (['umount', '-l', u'/tmp/mnt.UB5Yg'],) {'close_fds': True, 'stderr': -2}
2017-11-28 17:25:29,625 [DEBUG] (MainThread) Returned: 
2017-11-28 17:25:29,625 [DEBUG] (MainThread) Calling binary: (['rmdir', u'/tmp/mnt.UB5Yg'],) {}
2017-11-28 17:25:29,626 [DEBUG] (MainThread) Calling: (['rmdir', u'/tmp/mnt.UB5Yg'],) {'close_fds': True, 'stderr': -2}
2017-11-28 17:25:29,631 [DEBUG] (MainThread) Returned: 
Traceback (most recent call last):
  File "/usr/lib64/python2.7/runpy.py", line 162, in _run_module_as_main
    "__main__", fname, loader, pkg_name)
  File "/usr/lib64/python2.7/runpy.py", line 72, in _run_code
    exec code in run_globals
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/__main__.py", line 53, in <module>
    CliApplication()
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/__init__.py", line 82, in CliApplication
    app.hooks.emit("post-arg-parse", args)
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/hooks.py", line 120, in emit
    cb(self.context, *args)
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/plugins/update.py", line 56, in post_argparse
    base_lv, _ = LiveimgExtractor(app.imgbase).extract(args.FILENAME)
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/plugins/update.py", line 118, in extract
    "%s" % size, nvr)
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/plugins/update.py", line 99, in add_base_with_tree
    new_layer_lv = self.imgbase.add_layer(new_base)
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/imgbase.py", line 191, in add_layer
    self.hooks.emit("new-layer-added", prev_lv, new_lv)
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/hooks.py", line 120, in emit
    cb(self.context, *args)
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/plugins/osupdater.py", line 123, in on_new_layer
    raise ConfigMigrationError()
imgbased.plugins.osupdater.ConfigMigrationError



$semanage permissive -a setfiles_t
SELinux:  Could not downgrade policy file /etc/selinux/targeted/policy/policy.30, searching for an older version.
SELinux:  Could not open policy file <= /etc/selinux/targeted/policy/policy.30:  No such file or directory
/sbin/load_policy:  Can't load policy:  No such file or directory
libsemanage.semanage_reload_policy: load_policy returned error code 2. (No such file or directory).
SELinux:  Could not downgrade policy file /etc/selinux/targeted/policy/policy.30, searching for an older version.
SELinux:  Could not open policy file <= /etc/selinux/targeted/policy/policy.30:  No such file or directory
/sbin/load_policy:  Can't load policy:  No such file or directory
libsemanage.semanage_reload_policy: load_policy returned error code 2. (No such file or directory).
OSError: No such file or directory

###


Expected results:

Upgrade / Update should work


Additional info:
Comment 1 Ryan Barry 2017-12-01 13:14:27 UTC 
The traceback here is misleading. Please remove the NIST LVs before attempting to upgrade again.

Why is selinux disabled? We can patch around this by checking in SELinuxContext, but oVirt Node runs without problems with SELinux enabled.
Comment 2 Kilian Ries 2017-12-01 14:58:26 UTC 
Yes that is right, it was not the right imgbased-log. I have another one where i removed the LVs before upgrade.

SELINUX is disabled because of a third party package which i installed via yum (wich is not compatible with SELINUX) ...
Comment 3 Huijuan Zhao 2017-12-04 08:37:59 UTC 
QE can reproduce this issue.

Test version:
From: ovovirt-node-ng-installer-ovirt-4.1-pre-2017101110.iso
To:   ovirt-node-ng-image-update-4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos.noarch.rpm

Test steps:
1. Install ovovirt-node-ng-installer-ovirt-4.1-pre-2017101110.iso
2. Disable selinux
# getenforce 
Disabled
3. Upgrade ovirt-node to ovovirt-node-ng-image-update-4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos.noarch.rpm

Actual results:
After step3, upgrade failed.

# yum install ovirt-node to ovovirt-node-ng-image-update-4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos.noarch.rpm
...
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : ovirt-node-ng-image-update-4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos.noarch                                          1/2 
warning: %post(ovirt-node-ng-image-update-4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos.noarch) scriptlet failed, exit status 1
Non-fatal POSTIN scriptlet failure in rpm package ovirt-node-ng-image-update-4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos.noarch
  Erasing    : ovirt-node-ng-image-update-placeholder-4.1.7-0.3.rc3.20171010112718.git2411e97.el7.centos.noarch                               2/2 
  Verifying  : ovirt-node-ng-image-update-4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos.noarch                                          1/2 
  Verifying  : ovirt-node-ng-image-update-placeholder-4.1.7-0.3.rc3.20171010112718.git2411e97.el7.centos.noarch                               2/2 

Installed:
  ovirt-node-ng-image-update.noarch 0:4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos                                                         

Replaced:
  ovirt-node-ng-image-update-placeholder.noarch 0:4.1.7-0.3.rc3.20171010112718.git2411e97.el7.centos                                              

Complete!


Expected results:
After step3, can upgrade successful.
Comment 4 Huijuan Zhao 2018-01-30 07:46:47 UTC 
Test version:
From: rhvh-4.1-0.20171101.0
To:   rhvh-4.2.1.2-0.20180126.0
      imgbased-1.0.8-0.1.el7ev.noarch

Test steps:
Same as Comment 3

Test results:
After Step3, can upgrade successful.

So this bug is fixed in rhvh-4.2.1.2-0.20180126.0, change the status to VERIFIED.
Comment 5 Sandro Bonazzola 2018-02-12 11:46:56 UTC 
This bugzilla is included in oVirt 4.2.1 release, published on Feb 12th 2018.

Since the problem described in this bug report should be
resolved in oVirt 4.2.1 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.
Note You need to log in before you can comment on or make changes to this bug.