Bug 1558500 - httpd configuration is not updated on upgrade
Summary: httpd configuration is not updated on upgrade
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: Setup.Engine
Version: 4.2.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ovirt-4.2.3
: 4.2.3.2
Assignee: Yedidyah Bar David
QA Contact: Jiri Belka
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-03-20 10:56 UTC by Yedidyah Bar David
Modified: 2018-05-10 06:33 UTC (History)
2 users (show)

Fixed In Version: ovirt-engine-4.2.3.2
Doc Type: If docs needed, set a value
Doc Text:
engine-setup now checks if apache httpd's ssl.conf file needs updates also on upgrades, prompts accordingly, and applies the updates as needed.
Clone Of:
Environment:
Last Closed: 2018-05-10 06:33:27 UTC
oVirt Team: Integration
rule-engine: ovirt-4.2+
rule-engine: exception+


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
oVirt gerrit 89650 0 master MERGED packaging: setup: Reconfigure apache httpd if needed 2020-04-05 12:14:43 UTC
oVirt gerrit 89747 0 ovirt-engine-4.2 MERGED packaging: setup: Reconfigure apache httpd if needed 2020-04-05 12:14:43 UTC

Description Yedidyah Bar David 2018-03-20 10:56:52 UTC
Description of problem:

$summary.

This affects specifically:

1. Adding ovirt-requests-log to ssl.conf, bug 1347631.

2. Disabling TLSv1.0, bug 1388456.

So systems upgraded from 4.0 will not have these two configured.

Version-Release number of selected component (if applicable):

All versions in principle. In practice:

- Between 3.3 and 3.6 we didn't change httpd conf much

- Upgrade from el6 to el7 was not possible, which was usually done at 3.6->4.0. engine-backup was changed to make engine-setup always ask during restore, bug 1318580.

- Upgrades from 4.0 are later are affected.

How reproducible:
Always

Steps to Reproduce:
1. Install and setup 4.0 or 4.1 engine
2. Upgrade to a later version
3. grep -E 'CustomLog logs/ovirt-requests-log|^SSLProtocol' /etc/httpd/conf.d/ssl.conf

Actual results:

engine-setup does not ask about, nor reconfigure, apache httpd.

Output of the command in step 3 is empty.

Expected results:

engine-setup checks if changes are needed, queries the user if so, and reconfigures.

Output in step 3 is identical to the output of the same command on a clean 4.2 setup, which is:

SSLProtocol all -SSLv3 -TLSv1
CustomLog logs/ovirt-requests-log  "%t %h \"Correlation-Id: %{Correlation-Id}o\" \"Duration: %Dus\" \"%r\" %b"

Additional info:

Current behavior was introduced deliberately, by the following patch:

https://gerrit.ovirt.org/#/q/Iadae29234702c35fbead6bdb45eccffed895a109,n,z

which was included since 3.4.

Comment 1 Jiri Belka 2018-04-20 10:16:01 UTC
ok, tested through ovirt-engine-4.1.11.2-0.1.el7.noarch to ovirt-engine-4.2.3.2-0.1.el7.noarch

Comment 2 Jiri Belka 2018-04-20 10:16:35 UTC
(In reply to Jiri Belka from comment #1)
> ok, tested through ovirt-engine-4.1.11.2-0.1.el7.noarch to
> ovirt-engine-4.2.3.2-0.1.el7.noarch

on 4.1.11 i manually changed httpd.conf and verified after upgrade

Comment 3 Sandro Bonazzola 2018-05-10 06:33:27 UTC
This bugzilla is included in oVirt 4.2.3 release, published on May 4th 2018.

Since the problem described in this bug report should be
resolved in oVirt 4.2.3 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.