1543988 – hosted-engine --get-shared-config rewrites all the hosted-engine configuration files loosing spm id

Bug 1543988 - hosted-engine --get-shared-config rewrites all the hosted-engine configuration files loosing spm id

Summary: hosted-engine --get-shared-config rewrites all the hosted-engine configuratio...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	ovirt-hosted-engine-ha
Classification:	oVirt
Component:	General
Sub Component:
Version:	---
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	ovirt-4.2.2
Target Release:	---
Assignee:	Martin Sivák
QA Contact:	Nikolai Sednev
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1458711 1554283
TreeView+	depends on / blocked

Reported:	2018-02-09 18:04 UTC by Simone Tiraboschi
Modified:	2018-03-29 11:07 UTC (History)
CC List:	1 user (show)
Fixed In Version:	ovirt-hosted-engine-ha-2.2.7-1
Clone Of:
Clones:	1554283 (view as bug list)
Environment:
Last Closed:	2018-03-29 11:07:17 UTC
oVirt Team:	Integration
Embargoed:
Flags:	rule-engine: ovirt-4.1+ rule-engine: ovirt-4.2+ rule-engine: ovirt-4.3+ rule-engine: blocker+

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
oVirt gerrit	87536	master	MERGED	Refactor configuration file loader	2021-02-07 15:50:40 UTC
oVirt gerrit	88391	master	MERGED	Put timestamp into local vm.conf	2021-02-07 15:50:40 UTC
oVirt gerrit	88397	master	MERGED	Add support for ini formatted config files	2021-02-07 15:50:40 UTC
oVirt gerrit	88468	master	MERGED	Make local hosted engine conf editable	2021-02-07 15:50:40 UTC
oVirt gerrit	88469	master	MERGED	Change config types to something the user can understand	2021-02-07 15:50:40 UTC
oVirt gerrit	88495	v2.2.z	MERGED	Refactor configuration file loader	2021-02-07 15:50:41 UTC
oVirt gerrit	88496	v2.2.z	MERGED	Put timestamp into local vm.conf	2021-02-07 15:50:41 UTC
oVirt gerrit	88498	v2.2.z	MERGED	Add support for ini formatted config files	2021-02-07 15:50:42 UTC
oVirt gerrit	88499	v2.2.z	MERGED	Make local hosted engine conf editable	2021-02-07 15:50:41 UTC
oVirt gerrit	88500	v2.2.z	MERGED	Change config types to something the user can understand	2021-02-07 15:50:41 UTC
oVirt gerrit	88548	v2.2.z	MERGED	Download the legacy vm.conf before reading it	2021-02-07 15:50:41 UTC
oVirt gerrit	88557	v2.2.z	MERGED	Use self._logger as property not a method	2021-02-07 15:50:41 UTC
oVirt gerrit	88558	v2.2.z	MERGED	Legacy vm.conf is called just vm.conf in the archive	2021-02-07 15:50:42 UTC
oVirt gerrit	88824	ovirt-hosted-engine-setup-2.2	MERGED	core: fix constants to match HA client	2021-02-07 15:50:42 UTC
oVirt gerrit	88860	master	MERGED	Reload he config file when checking for local maintenance	2021-02-07 15:50:42 UTC
oVirt gerrit	88861	v2.2.z	MERGED	Reload he config file when checking for local maintenance	2021-02-07 15:50:42 UTC

Description Simone Tiraboschi 2018-02-09 18:04:19 UTC

Description of problem:

hosted-engine --get-shared-config will write vm.conf with wrong ownership if not present 

[root@c74he20180108h1 ~]# ls -l /var/run/ovirt-hosted-engine-ha/vm.conf 
-rw-r--r--. 1 vdsm kvm 8113  9 feb 18.56 /var/run/ovirt-hosted-engine-ha/vm.conf
[root@c74he20180108h1 ~]# rm -f /var/run/ovirt-hosted-engine-ha/vm.conf; hosted-engine --get-shared-config gateway

gateway : 192.168.1.1, type : he_conf

[root@c74he20180108h1 ~]# ls -l /var/run/ovirt-hosted-engine-ha/vm.conf 
-rw-r--r--. 1 root root 8113  9 feb 18.56 /var/run/ovirt-hosted-engine-ha/vm.conf

ovirt-ha-agent runs as vdsm and so it will fail trying to refresh vm.conf

MainThread::INFO::2018-02-09 18:58:59,561::ovf_store::118::ovirt_hosted_engine_ha.lib.ovf.ovf_store.OVFStore::(scan) Found OVF_STORE: imgUUID:7482540b-ea01-4f8c-93d4-a9d46e93e6eb, volUUID:b7130665-8e41-44a3-970d-f97809bda7e7
MainThread::INFO::2018-02-09 18:59:00,132::ovf_store::118::ovirt_hosted_engine_ha.lib.ovf.ovf_store.OVFStore::(scan) Found OVF_STORE: imgUUID:c78da68d-fc54-48a1-9e99-bcd1f9712b21, volUUID:37e76796-21f3-4531-85a1-97e213fb534f
MainThread::INFO::2018-02-09 18:59:01,372::ovf_store::149::ovirt_hosted_engine_ha.lib.ovf.ovf_store.OVFStore::(getEngineVMOVF) OVF_STORE volume path: /var/run/vdsm/storage/997acd46-4433-4154-b6ea-99ff26da6fe9/c78da68d-fc54-48a1-9e99-bcd1f9712b21/37e76796-21f3-4531-85a1-97e213fb534f
MainThread::ERROR::2018-02-09 18:59:01,385::agent::144::ovirt_hosted_engine_ha.agent.agent.Agent::(_run_agent) Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ovirt_hosted_engine_ha/agent/agent.py", line 131, in _run_agent
    return action(he)
  File "/usr/lib/python2.7/site-packages/ovirt_hosted_engine_ha/agent/agent.py", line 55, in action_proper
    return he.start_monitoring()
  File "/usr/lib/python2.7/site-packages/ovirt_hosted_engine_ha/agent/hosted_engine.py", line 424, in start_monitoring
    self._config.refresh_vm_conf()
  File "/usr/lib/python2.7/site-packages/ovirt_hosted_engine_ha/env/config.py", line 523, in refresh_vm_conf
    if self._publish_local_conf_file(VM, content):
  File "/usr/lib/python2.7/site-packages/ovirt_hosted_engine_ha/env/config.py", line 409, in _publish_local_conf_file
    with open(localcopy_filename, 'w') as target:
IOError: [Errno 13] Permission denied: '/var/run/ovirt-hosted-engine-ha/vm.conf'



Version-Release number of selected component (if applicable):
2.2.8

How reproducible:
100%

Steps to Reproduce:
1. rm -f /var/run/ovirt-hosted-engine-ha/vm.conf; hosted-engine --get-shared-config gateway (as root)
2. ls -l /var/run/ovirt-hosted-engine-ha/vm.conf 
3.

Actual results:
/var/run/ovirt-hosted-engine-ha/vm.conf is owned by root:root

Expected results:
/var/run/ovirt-hosted-engine-ha/vm.conf is owned by vdsm:kvm

Additional info:

Comment 1 Simone Tiraboschi 2018-02-12 15:18:43 UTC

This looks by far worst than I though.
/etc/ovirt-hosted-engine/hosted-engine.conf got also rewrote by the copy on the shared storage and so all the host where hosted-engine --get-shared-config get executed will end with host_id=1 causing an spm collision almost for sure.

Comment 2 Simone Tiraboschi 2018-02-12 15:42:29 UTC

I think it affects 4.1 as well.

Comment 4 Nikolai Sednev 2018-03-19 10:37:25 UTC

[root@alma03 ~]# rm -f /var/run/ovirt-hosted-engine-ha/vm.conf
[root@alma03 ~]# hosted-engine --get-shared-config gateway
Duplicate key gateway, please specify the key type
[root@alma03 ~]# ls -l /var/run/ovirt-hosted-engine-ha/vm.conf 
-rw-r--r--. 1 vdsm kvm 9582 Mar 19 12:34 /var/run/ovirt-hosted-engine-ha/vm.conf

ovirt-hosted-engine-ha-2.2.7-1.el7ev.noarch
ovirt-hosted-engine-setup-2.2.13-1.el7ev.noarch
rhvm-appliance-4.2-20180202.0.el7.noarch
Linux 3.10.0-861.el7.x86_64 #1 SMP Wed Mar 14 10:21:01 EDT 2018 x86_64 x86_64 x86_64 GNU/Linux
Red Hat Enterprise Linux Server release 7.5 (Maipo)


Privilege is vdsm:kvm.

Moving to verified.

Comment 5 Sandro Bonazzola 2018-03-29 11:07:17 UTC

This bugzilla is included in oVirt 4.2.2 release, published on March 28th 2018.

Since the problem described in this bug report should be
resolved in oVirt 4.2.2 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.

Note You need to log in before you can comment on or make changes to this bug.