Description of problem: See bug 1528813. ovirt-hosted-engine-cleanup calls 'vdsm-tool remove-config', but this leaves at least some files changed by vdsm with the changes. First one I noticed is that libvirtd fails to start with: Dec 24 13:21:57 lvc7host1.home.local libvirtd[16297]: 2017-12-24 11:21:57.641+0000: 16297: error : virNetTLSContextCheckCertFile:120 : Cannot read CA certificate '/etc/pki/vdsm/certs/cacert.pem': No such file or directory Because /etc/libvirt/libvirtd.conf has: ## beginning of configuration section by vdsm-4.20.0 auth_unix_rw="sasl" ca_file="/etc/pki/vdsm/certs/cacert.pem" cert_file="/etc/pki/vdsm/certs/vdsmcert.pem" host_uuid="88f843a0-fdda-4eb2-bdb4-b6edacd7ad6e" keepalive_interval=-1 key_file="/etc/pki/vdsm/keys/vdsmkey.pem" unix_sock_group="qemu" unix_sock_rw_perms="0770" ## end of configuration section by vdsm-4.20.0 which is not removed, while the cleanup script later does remove vdsmcert.pem , so libvirtd fails to read it. Version-Release number of selected component (if applicable): Current master How reproducible: Not sure, I think always Steps to Reproduce: 1. deploy hosted-engine. It's probably enough to 'vdsm-tool configure --force'. 2. vdsm-tool remove-config 3. Actual results: All configuration files changed by (1.) are reverted to their original state. Expected results: At least some are not. Additional info:
Testing on vdsm-4.20.9.3-1.el7.centos.x86_64 Still fails to run libvirtd with Jan 8 16:03:43 localhost libvirtd: 2018-01-08 15:03:43.760+0000: 5187: error : virNetTLSContextCheckCertFile:120 : Cannot read CA certificate '/etc/pki/vdsm/certs/cacert.pem': No such file or directory [root@$hostname ~]# tail -10 /etc/libvirt/libvirtd.conf ## beginning of configuration section by vdsm-4.20.0 auth_unix_rw="sasl" ca_file="/etc/pki/vdsm/certs/cacert.pem" cert_file="/etc/pki/vdsm/certs/vdsmcert.pem" host_uuid="$uuid" keepalive_interval=-1 key_file="/etc/pki/vdsm/keys/vdsmkey.pem" unix_sock_group="qemu" unix_sock_rw_perms="0770" ## end of configuration section by vdsm-4.20.0
vdsm-4.20.9.3 does not include the fix. please verify with http://gerrit.ovirt.org/85719 - the section is removed after running remove-config
my verification is the following, correct me if your scenario is different: ~ tail -10 /etc/libvirt/libvirtd.conf ## beginning of configuration section by vdsm-4.20.0 auth_unix_rw="sasl" ca_file="/etc/pki/vdsm/certs/cacert.pem" cert_file="/etc/pki/vdsm/certs/vdsmcert.pem" host_uuid="09528c43-d5f5-4012-9244-239ab8d0f35a" keepalive_interval=-1 key_file="/etc/pki/vdsm/keys/vdsmkey.pem" unix_sock_group="qemu" unix_sock_rw_perms="0770" ## end of configuration section by vdsm-4.20.0 ~ vdsm-tool remove-config ~ tail -10 /etc/libvirt/libvirtd.conf #admin_keepalive_count = 5 ################################################################### # Open vSwitch: # This allows to specify a timeout for openvswitch calls made by # libvirt. The ovs-vsctl utility is used for the configuration and # its timeout option is set by default to 5 seconds to avoid # potential infinite waits blocking libvirt. # #ovs_timeout = 5
I tried running 'vdsm-tool remove-config' and also 'ovirt-hosted-engine-cleanup' I will reverify when new package with this change is built and included
The fix is part 4.2.1-1 build
Verified on vdsm-4.20.13-1.el7.centos.x86_64
This bugzilla is included in oVirt 4.2.1 release, published on Feb 12th 2018. Since the problem described in this bug report should be resolved in oVirt 4.2.1 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.