Bug 1590405 - [GSS] RHGSWA ansible playbook runs yum update
Summary: [GSS] RHGSWA ansible playbook runs yum update
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: web-admin-tendrl-ansible
Version: rhgs-3.3
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: ---
: RHGS 3.4.0
Assignee: Nishanth Thomas
QA Contact: Daniel Horák
URL:
Whiteboard:
Depends On:
Blocks: 1503138
TreeView+ depends on / blocked
 
Reported: 2018-06-12 14:50 UTC by Cal Calhoun
Modified: 2018-09-04 07:08 UTC (History)
7 users (show)

Fixed In Version: tendrl-ansible-1.6.3-5.el7rhgs
Doc Type: Bug Fix
Doc Text:
Cause: tendrl-ansible runs "yum update" by default and all involved systems were updated with latest packages Consequence: unintentional patching of OS/service occurs which not desirable for production systems Fix: Drop the "yum update" from ansible playbooks Result: tendrl-ansible does not perform unintentional package updates
Clone Of:
Environment:
Last Closed: 2018-09-04 07:07:28 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2616 None None None 2018-09-04 07:08:29 UTC

Description Cal Calhoun 2018-06-12 14:50:49 UTC
During installation of Red Hat Gluster Storage Web Administration per [1] it was noticed that all involved systems were updated even if it was not explicitly mentioned in the documentation.

It appears that "yum update" is a part of the site.yml.

That is undesirable for production systems because OS/service patching is treated differently.  I don't think we really want to perform unintentional patching of production systems during installation of "just" monitoring console (tendrl).

It would be better to remove the yum update from the playbook, spell it out as a prerequisite if it really is, or make it a configurable option that is clearly spelled out in the docs.

[1] https://access.redhat.com/documentation/en-us/red_hat_gluster_storage/3.3/html-single/quick_start_guide/#web_administration_installation

Comment 2 Martin Bukatovic 2018-06-12 15:45:19 UTC
This yum update task has been removed in upstream[1], so that next RHGS WA
version will address the problem.

Also note that the playbook is just an example, as it's stated in the file:

# This is an example of a ansible playbook to install Tendrl, automating steps
# from upstream *Tendrl Package Installation Reference*. You need to review it
# and either tweak it or use it as a starting point before installing
# Tendrl.

So the obvious tweak here is to drop the yum update. But I agree that the
yum update part should have been at least commented out in downstream.

That said, this approach with playbook example file which one needs to tweak
first *clearly failed*, so in upstream, we moved to a playbook which is both
minimal and doesn't require to be edited[2]. This change will arrive in next RHGS
WA as well.

[1] https://github.com/Tendrl/tendrl-ansible/commit/12d5cc9f41d7383557c8151fbe77103026f409d0
[2] https://github.com/Tendrl/tendrl-ansible/blob/release/1.6.3/site.yml

Comment 8 Daniel Horák 2018-07-11 12:32:48 UTC
No "general" yum update (or equivalent command) is called neither in site.yml[1]
neither in any other playbook or role included in tendrl-ansible package.

Tested with version:
# rpm -q tendrl-ansible
  tendrl-ansible-1.6.3-5.el7rhgs.noarch

[1] /usr/share/doc/tendrl-ansible-1.6.3/site.yml

>> VERIFIED

Comment 12 errata-xmlrpc 2018-09-04 07:07:28 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2616


Note You need to log in before you can comment on or make changes to this bug.