Bug 1542833 - oVirt Node upgrade fails if SELINUX is disabled
Status: CLOSED ERRATA
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: imgbased
4.1.9
x86_64 Linux
unspecified Severity high
: ovirt-4.2.1
: 4.2.0
Assigned To: Yuval Turgeman
Huijuan Zhao
Depends On: 1519784
Blocks:
Reported: 2018-02-07 01:19 EST by Germano Veit Michel
Modified: 2018-05-15 13:58 EDT

See Also:
Fixed In Version: imgbased-1.0.11
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1519784
Environment:
Last Closed: 2018-05-15 13:57:44 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Node
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 3346371 None None None 2018-02-07 01:20 EST
oVirt gerrit 84957 None None None 2018-02-07 01:19 EST
oVirt gerrit 85604 None None None 2018-02-07 01:19 EST
Red Hat Product Errata RHSA-2018:1524 None None None 2018-05-15 13:58 EDT

Description Germano Veit Michel 2018-02-07 01:19:42 EST
+++ This bug was initially created as a clone of Bug #1519784 +++

Description of problem:

If SELINUX is disabled, upgrade of node fails.

Version-Release number of selected component (if applicable):

4.1.1.1

How reproducible:

Always

Steps to Reproduce:
1. Install oVirt Node
2. Disable SELINUX
3. Try to upgrade oVirt Node

Actual results:

Upgrade fails

###

2017-11-28 17:25:28,372 [DEBUG] (MainThread) Returned: 
2017-11-28 17:25:28,434 [DEBUG] (MainThread) Creating /home as {'attach': True, 'size': '1G'}
2017-11-28 17:25:28,434 [DEBUG] (MainThread) Calling binary: (['vgs', '--noheadings', '@imgbased:volume', '-o', 'lv_full_name'],) {'stderr': <open file '/dev/null', mode 'w' at 0x7fa2d1ad8ed0>}
2017-11-28 17:25:28,434 [DEBUG] (MainThread) Calling: (['vgs', '--noheadings', '@imgbased:volume', '-o', 'lv_full_name'],) {'close_fds': True, 'stderr': <open file '/dev/null', mode 'w' at 0x7fa2d1ad8ed0>}
2017-11-28 17:25:28,533 [DEBUG] (MainThread) Returned: onn/home         
  onn/tmp          
  onn/var_log      
  onn/var_log_audit
2017-11-28 17:25:28,533 [DEBUG] (MainThread) Calling binary: (['umount', '-l', '/etc'],) {}
2017-11-28 17:25:28,534 [DEBUG] (MainThread) Calling: (['umount', '-l', '/etc'],) {'close_fds': True, 'stderr': -2}
2017-11-28 17:25:28,539 [DEBUG] (MainThread) Returned: 
2017-11-28 17:25:28,540 [DEBUG] (MainThread) Calling binary: (['umount', '-l', u'/tmp/mnt.tuHU8'],) {}
2017-11-28 17:25:28,540 [DEBUG] (MainThread) Calling: (['umount', '-l', u'/tmp/mnt.tuHU8'],) {'close_fds': True, 'stderr': -2}
2017-11-28 17:25:28,635 [DEBUG] (MainThread) Returned: 
2017-11-28 17:25:28,635 [DEBUG] (MainThread) Calling binary: (['rmdir', u'/tmp/mnt.tuHU8'],) {}
2017-11-28 17:25:28,635 [DEBUG] (MainThread) Calling: (['rmdir', u'/tmp/mnt.tuHU8'],) {'close_fds': True, 'stderr': -2}
2017-11-28 17:25:28,640 [DEBUG] (MainThread) Returned: 
2017-11-28 17:25:28,641 [ERROR] (MainThread) Failed to migrate etc
Traceback (most recent call last):
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/plugins/osupdater.py", line 109, in on_new_layer
    check_nist_layout(imgbase, new_lv)
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/plugins/osupdater.py", line 179, in check_nist_layout
    v.create(t, paths[t]["size"], paths[t]["attach"])
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/volume.py", line 48, in create
    "Path is already a volume: %s" % where
AssertionError: Path is already a volume: /home
2017-11-28 17:25:28,642 [DEBUG] (MainThread) Calling binary: (['umount', '-l', u'/tmp/mnt.bEW2k'],) {}
2017-11-28 17:25:28,642 [DEBUG] (MainThread) Calling: (['umount', '-l', u'/tmp/mnt.bEW2k'],) {'close_fds': True, 'stderr': -2}
2017-11-28 17:25:29,061 [DEBUG] (MainThread) Returned: 
2017-11-28 17:25:29,061 [DEBUG] (MainThread) Calling binary: (['rmdir', u'/tmp/mnt.bEW2k'],) {}
2017-11-28 17:25:29,061 [DEBUG] (MainThread) Calling: (['rmdir', u'/tmp/mnt.bEW2k'],) {'close_fds': True, 'stderr': -2}
2017-11-28 17:25:29,067 [DEBUG] (MainThread) Returned: 
2017-11-28 17:25:29,067 [DEBUG] (MainThread) Calling binary: (['umount', '-l', u'/tmp/mnt.UB5Yg'],) {}
2017-11-28 17:25:29,067 [DEBUG] (MainThread) Calling: (['umount', '-l', u'/tmp/mnt.UB5Yg'],) {'close_fds': True, 'stderr': -2}
2017-11-28 17:25:29,625 [DEBUG] (MainThread) Returned: 
2017-11-28 17:25:29,625 [DEBUG] (MainThread) Calling binary: (['rmdir', u'/tmp/mnt.UB5Yg'],) {}
2017-11-28 17:25:29,626 [DEBUG] (MainThread) Calling: (['rmdir', u'/tmp/mnt.UB5Yg'],) {'close_fds': True, 'stderr': -2}
2017-11-28 17:25:29,631 [DEBUG] (MainThread) Returned: 
Traceback (most recent call last):
  File "/usr/lib64/python2.7/runpy.py", line 162, in _run_module_as_main
    "__main__", fname, loader, pkg_name)
  File "/usr/lib64/python2.7/runpy.py", line 72, in _run_code
    exec code in run_globals
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/__main__.py", line 53, in <module>
    CliApplication()
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/__init__.py", line 82, in CliApplication
    app.hooks.emit("post-arg-parse", args)
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/hooks.py", line 120, in emit
    cb(self.context, *args)
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/plugins/update.py", line 56, in post_argparse
    base_lv, _ = LiveimgExtractor(app.imgbase).extract(args.FILENAME)
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/plugins/update.py", line 118, in extract
    "%s" % size, nvr)
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/plugins/update.py", line 99, in add_base_with_tree
    new_layer_lv = self.imgbase.add_layer(new_base)
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/imgbase.py", line 191, in add_layer
    self.hooks.emit("new-layer-added", prev_lv, new_lv)
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/hooks.py", line 120, in emit
    cb(self.context, *args)
  File "/tmp/tmp.ipxGZrbQEi/usr/lib/python2.7/site-packages/imgbased/plugins/osupdater.py", line 123, in on_new_layer
    raise ConfigMigrationError()
imgbased.plugins.osupdater.ConfigMigrationError



$semanage permissive -a setfiles_t
SELinux:  Could not downgrade policy file /etc/selinux/targeted/policy/policy.30, searching for an older version.
SELinux:  Could not open policy file <= /etc/selinux/targeted/policy/policy.30:  No such file or directory
/sbin/load_policy:  Can't load policy:  No such file or directory
libsemanage.semanage_reload_policy: load_policy returned error code 2. (No such file or directory).
SELinux:  Could not downgrade policy file /etc/selinux/targeted/policy/policy.30, searching for an older version.
SELinux:  Could not open policy file <= /etc/selinux/targeted/policy/policy.30:  No such file or directory
/sbin/load_policy:  Can't load policy:  No such file or directory
libsemanage.semanage_reload_policy: load_policy returned error code 2. (No such file or directory).
OSError: No such file or directory

###


Expected results:

Upgrade / Update should work


Additional info:

--- Additional comment from Ryan Barry on 2017-12-01 08:14:27 EST ---

The traceback here is misleading. Please remove the NIST LVs before attempting to upgrade again.

Why is selinux disabled? We can patch around this by checking in SELinuxContext, but oVirt Node runs without problems with SELinux enabled.

--- Additional comment from Kilian Ries on 2017-12-01 09:58:26 EST ---

Yes, that is right, it was not the right imgbased log. I have another one where I removed the LVs before upgrade.

SELINUX is disabled because of a third-party package which I installed via yum (which is not compatible with SELINUX) ...

--- Additional comment from Huijuan Zhao on 2017-12-04 03:37:59 EST ---

QE can reproduce this issue.

Test version:
From: ovovirt-node-ng-installer-ovirt-4.1-pre-2017101110.iso
To:   ovirt-node-ng-image-update-4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos.noarch.rpm

Test steps:
1. Install ovovirt-node-ng-installer-ovirt-4.1-pre-2017101110.iso
2. Disable selinux
# getenforce 
Disabled
3. Upgrade ovirt-node to ovovirt-node-ng-image-update-4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos.noarch.rpm

Actual results:
After step 3, the upgrade failed.

# yum install ovirt-node to ovovirt-node-ng-image-update-4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos.noarch.rpm
...
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : ovirt-node-ng-image-update-4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos.noarch                                          1/2 
warning: %post(ovirt-node-ng-image-update-4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos.noarch) scriptlet failed, exit status 1
Non-fatal POSTIN scriptlet failure in rpm package ovirt-node-ng-image-update-4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos.noarch
  Erasing    : ovirt-node-ng-image-update-placeholder-4.1.7-0.3.rc3.20171010112718.git2411e97.el7.centos.noarch                               2/2 
  Verifying  : ovirt-node-ng-image-update-4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos.noarch                                          1/2 
  Verifying  : ovirt-node-ng-image-update-placeholder-4.1.7-0.3.rc3.20171010112718.git2411e97.el7.centos.noarch                               2/2 

Installed:
  ovirt-node-ng-image-update.noarch 0:4.2.0-0.3.beta.20171115142956.gitba54278.el7.centos                                                         

Replaced:
  ovirt-node-ng-image-update-placeholder.noarch 0:4.1.7-0.3.rc3.20171010112718.git2411e97.el7.centos                                              

Complete!


Expected results:
After step 3, the upgrade can complete successfully.

--- Additional comment from Huijuan Zhao on 2018-01-30 02:46:47 EST ---

Test version:
From: rhvh-4.1-0.20171101.0
To:   rhvh-4.2.1.2-0.20180126.0
      imgbased-1.0.8-0.1.el7ev.noarch

Test steps:
Same as Comment 3

Test results:
After step 3, the upgrade can complete successfully.

So this bug is fixed in rhvh-4.2.1.2-0.20180126.0; changing the status to VERIFIED.

Comment 7 Huijuan Zhao 2018-02-08 03:34:01 EST
According to comment 0, this bug is fixed in rhvh-4.2.1.2-0.20180126.0; changing the status to VERIFIED.

Comment 14 errata-xmlrpc 2018-05-15 13:57:44 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:1524
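
The kind of guard suggested in the thread (check the SELinux state before touching policy, so that `semanage permissive -a setfiles_t` is not run when no policy is loaded), as an added example; it is not imgbased's code or the fix shipped in the erratum. The function names, the `runner` parameter and the choice to read the state from selinuxfs are assumptions made for illustration.

```python
import os
import subprocess

SELINUXFS = "/sys/fs/selinux"  # standard selinuxfs mount point


def selinux_state(selinuxfs=SELINUXFS):
    """Return 'disabled', 'permissive' or 'enforcing'.

    Assumption: a missing <selinuxfs>/enforce file means SELinux is
    disabled, because selinuxfs is only populated when a policy is loaded.
    """
    try:
        with open(os.path.join(selinuxfs, "enforce")) as f:
            value = f.read().strip()
    except (IOError, OSError):
        return "disabled"
    return "enforcing" if value == "1" else "permissive"


def set_permissive_domain(domain, selinuxfs=SELINUXFS,
                          runner=subprocess.check_call):
    """Run `semanage permissive -a <domain>` only when a policy is loaded.

    With SELinux disabled the command is skipped instead of aborting the
    upgrade. With SELinux enabled, a failing semanage still raises, so a
    real policy problem is not silently ignored.
    """
    state = selinux_state(selinuxfs)
    if state == "disabled":
        return ("skipped", state)
    runner(["semanage", "permissive", "-a", domain])
    return ("applied", state)


if __name__ == "__main__":
    # Dry run against the live host: report the decision, execute nothing.
    print(set_permissive_domain("setfiles_t", runner=lambda cmd: None))
```
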
