+++ This bug is a downstream clone. The original bug is: +++ +++ bug 1436519 +++ ====================================================================== Description of problem: libvirt-daemon-config-nwfilter package always returns inconsistencies for rpm verify run against it . This issue is seen only on RHV hypervisor hosts and not on regular RHEL based host servers. An entry for uuid gets added into all the files under /etc/libvirt/nwfilter for which the rpm verify files . Version-Release number of selected component (if applicable): libvirt-daemon-config-nwfilter-2.0.0-10.el7_3.5.x86_64.rpm libvirt-daemon-config-nwfilter-2.0.0-10.el7_3.4.x86_64.rpm How reproducible: Install a RHV hypervisor version 7 (3.10.0 - 514.el7.x86_64_) for RHEV 3.6 . Steps to Reproduce: 1. Install RHV hypervisor version 7 2. Do a rpm verify check for it using # rpm -V libvirt-daemon-config-nwfilter Actual results: RPM verify fails with the below error # rpm -q -V libvirt-daemon-config-nwfilter SM5....T. /etc/libvirt/nwfilter/allow-arp.xml SM5....T. /etc/libvirt/nwfilter/allow-dhcp-server.xml SM5....T. /etc/libvirt/nwfilter/allow-dhcp.xml SM5....T. /etc/libvirt/nwfilter/allow-incoming-ipv4.xml SM5....T. /etc/libvirt/nwfilter/allow-ipv4.xml SM5....T. /etc/libvirt/nwfilter/clean-traffic.xml SM5....T. /etc/libvirt/nwfilter/no-arp-ip-spoofing.xml SM5....T. /etc/libvirt/nwfilter/no-arp-mac-spoofing.xml SM5....T. /etc/libvirt/nwfilter/no-arp-spoofing.xml SM5....T. /etc/libvirt/nwfilter/no-ip-multicast.xml SM5....T. /etc/libvirt/nwfilter/no-ip-spoofing.xml SM5....T. /etc/libvirt/nwfilter/no-mac-broadcast.xml SM5....T. /etc/libvirt/nwfilter/no-mac-spoofing.xml SM5....T. /etc/libvirt/nwfilter/no-other-l2-traffic.xml SM5....T. /etc/libvirt/nwfilter/no-other-rarp-traffic.xml SM5....T. /etc/libvirt/nwfilter/qemu-announce-self-rarp.xml SM5....T. /etc/libvirt/nwfilter/qemu-announce-self.xml Expected results: RPM for newly installed OS should return a consistent value. Additional info: The uuid field entries are only seen on RHV hypervisor based hosts and not on any RHEL based host servers. (Originally by Ribu Abraham)
Can you please provide a full sos report of the system? It's not clear if this is a RHEV-H 3.6 setup, a RHEL-H 3.6 setup or anything different from above. Also, this seems related to Bug #1431581 so this may be a RHEL bug and not a RHEV bug. (Originally by Sandro Bonazzola)
# cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.3 (Maipo) # yum install libvirt-daemon-config-nwfilter <snip> # rpm -V libvirt-daemon-config-nwfilter SM5....T. /etc/libvirt/nwfilter/allow-arp.xml SM5....T. /etc/libvirt/nwfilter/allow-dhcp-server.xml SM5....T. /etc/libvirt/nwfilter/allow-dhcp.xml SM5....T. /etc/libvirt/nwfilter/allow-incoming-ipv4.xml SM5....T. /etc/libvirt/nwfilter/allow-ipv4.xml SM5....T. /etc/libvirt/nwfilter/clean-traffic.xml SM5....T. /etc/libvirt/nwfilter/no-arp-ip-spoofing.xml SM5....T. /etc/libvirt/nwfilter/no-arp-mac-spoofing.xml SM5....T. /etc/libvirt/nwfilter/no-arp-spoofing.xml SM5....T. /etc/libvirt/nwfilter/no-ip-multicast.xml SM5....T. /etc/libvirt/nwfilter/no-ip-spoofing.xml SM5....T. /etc/libvirt/nwfilter/no-mac-broadcast.xml SM5....T. /etc/libvirt/nwfilter/no-mac-spoofing.xml SM5....T. /etc/libvirt/nwfilter/no-other-l2-traffic.xml SM5....T. /etc/libvirt/nwfilter/no-other-rarp-traffic.xml SM5....T. /etc/libvirt/nwfilter/qemu-announce-self-rarp.xml SM5....T. /etc/libvirt/nwfilter/qemu-announce-self.xml (Originally by dougsland)
Test version: rhvh-4.2.2.1-0.20180420.0+1 libvirt-client-3.9.0-14.el7_5.2.x86_64 libvirt-daemon-3.9.0-14.el7_5.2.x86_64 imgbased-1.0.13-0.1.el7ev.noarch Test steps: # rpm -V libvirt-daemon-config-nwfilter .M....... g /etc/libvirt/nwfilter/allow-arp.xml .M....... g /etc/libvirt/nwfilter/allow-dhcp-server.xml .M....... g /etc/libvirt/nwfilter/allow-dhcp.xml .M....... g /etc/libvirt/nwfilter/allow-incoming-ipv4.xml .M....... g /etc/libvirt/nwfilter/allow-ipv4.xml .M....... g /etc/libvirt/nwfilter/clean-traffic.xml .M....... g /etc/libvirt/nwfilter/no-arp-ip-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-arp-mac-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-arp-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-ip-multicast.xml .M....... g /etc/libvirt/nwfilter/no-ip-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-mac-broadcast.xml .M....... g /etc/libvirt/nwfilter/no-mac-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-other-l2-traffic.xml .M....... g /etc/libvirt/nwfilter/no-other-rarp-traffic.xml .M....... g /etc/libvirt/nwfilter/qemu-announce-self-rarp.xml .M....... g /etc/libvirt/nwfilter/qemu-announce-self.xml Test result: RPM verify fails with the file mode error. So change bug status to ASSIGNED. (Originally by Chen Shao)
This appears to have changed in 7.5 somewhere, and was missed until now. This breaks the second libvirt is started. I disabled all services related to RHVH, and vdsm, and installed a RHVH host (without imgbased). After a fresh login: $ ssh root.122.128 The authenticity of host '192.168.122.128 (192.168.122.128)' can't be established. ECDSA key fingerprint is SHA256:cr38rqhzmoAyyMXRyGUWPv1M4a/OBsnNOMF05vVAbPU. ECDSA key fingerprint is MD5:0e:30:dd:87:bb:ac:ec:1d:56:2a:ef:4f:d9:a9:4a:a6. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.122.128' (ECDSA) to the list of known hosts. root.122.128's password: Last login: Tue Apr 24 13:29:52 2018 Traceback (most recent call last): File "/usr/lib64/python2.7/runpy.py", line 162, in _run_module_as_main "__main__", fname, loader, pkg_name) File "/usr/lib64/python2.7/runpy.py", line 72, in _run_code exec code in run_globals File "/usr/lib/python2.7/site-packages/nodectl/__main__.py", line 42, in <module> CliApplication() File "/usr/lib/python2.7/site-packages/nodectl/__init__.py", line 200, in CliApplication return cmdmap.command(args) File "/usr/lib/python2.7/site-packages/nodectl/__init__.py", line 118, in command return self.commands[command](**kwargs) File "/usr/lib/python2.7/site-packages/nodectl/__init__.py", line 101, in motd Motd(Status(Health(self.imgbased).status(), File "/usr/lib/python2.7/site-packages/imgbased/plugins/core.py", line 358, in status status.results.append(group().run()) File "/usr/lib/python2.7/site-packages/imgbased/plugins/core.py", line 385, in check_thin pool = self.app.imgbase._thinpool() File "/usr/lib/python2.7/site-packages/imgbased/imgbase.py", line 120, in _thinpool return LVM.Thinpool.from_tag(self.thinpool_tag) File "/usr/lib/python2.7/site-packages/imgbased/lvm.py", line 191, in from_tag assert len(lvs) == 1 AssertionError Admin Console: https://192.168.122.128:9090/ [root@localhost ~]# rpm -V libvirt-daemon-config-nwfilter [root@localhost ~]# rpm -V libvirt-daemon-config-nwfilter .M....... g /etc/libvirt/nwfilter/allow-arp.xml .M....... g /etc/libvirt/nwfilter/allow-dhcp-server.xml .M....... g /etc/libvirt/nwfilter/allow-dhcp.xml .M....... g /etc/libvirt/nwfilter/allow-incoming-ipv4.xml .M....... g /etc/libvirt/nwfilter/allow-ipv4.xml .M....... g /etc/libvirt/nwfilter/clean-traffic.xml .M....... g /etc/libvirt/nwfilter/no-arp-ip-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-arp-mac-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-arp-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-ip-multicast.xml .M....... g /etc/libvirt/nwfilter/no-ip-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-mac-broadcast.xml .M....... g /etc/libvirt/nwfilter/no-mac-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-other-l2-traffic.xml .M....... g /etc/libvirt/nwfilter/no-other-rarp-traffic.xml .M....... g /etc/libvirt/nwfilter/qemu-announce-self-rarp.xml .M....... g /etc/libvirt/nwfilter/qemu-announce-self.xml [root@localhost ~]# I'll look for a root cause, but we should expect this to be moved off RHVH to another component (RHV or platform, depending on the cause) (Originally by Ryan Barry)
After testing, this is reproducible on plain RHEL 7.5 with libvirt. I'll file a platform bug and block on it Installed: libvirt.x86_64 0:3.9.0-14.el7_5.2 Dependency Installed: augeas-libs.x86_64 0:1.4.0-5.el7 autogen-libopts.x86_64 0:5.18-5.el7 avahi-libs.x86_64 0:0.6.31-19.el7 boost-system.x86_64 0:1.53.0-27.el7 boost-thread.x86_64 0:1.53.0-27.el7 bridge-utils.x86_64 0:1.5-9.el7 bzip2.x86_64 0:1.0.6-13.el7 cyrus-sasl.x86_64 0:2.1.26-23.el7 cyrus-sasl-gssapi.x86_64 0:2.1.26-23.el7 dnsmasq.x86_64 0:2.76-5.el7 fuse-libs.x86_64 0:2.9.2-10.el7 glusterfs.x86_64 0:3.8.4-53.el7 glusterfs-api.x86_64 0:3.8.4-53.el7 glusterfs-cli.x86_64 0:3.8.4-53.el7 glusterfs-client-xlators.x86_64 0:3.8.4-53.el7 glusterfs-libs.x86_64 0:3.8.4-53.el7 gnutls.x86_64 0:3.3.26-9.el7 gnutls-dane.x86_64 0:3.3.26-9.el7 gnutls-utils.x86_64 0:3.3.26-9.el7 gperftools-libs.x86_64 0:2.6.1-1.el7 gssproxy.x86_64 0:0.7.0-17.el7 iscsi-initiator-utils.x86_64 0:6.2.0.874-7.el7 iscsi-initiator-utils-iscsiuio.x86_64 0:6.2.0.874-7.el7 keyutils.x86_64 0:1.5.8-3.el7 libbasicobjects.x86_64 0:0.1.1-29.el7 libcgroup.x86_64 0:0.41-15.el7 libcollection.x86_64 0:0.7.0-29.el7 libevent.x86_64 0:2.0.21-4.el7 libini_config.x86_64 0:1.3.1-29.el7 libiscsi.x86_64 0:1.9.0-7.el7 libnfsidmap.x86_64 0:0.25-19.el7 libpath_utils.x86_64 0:0.2.1-29.el7 libpcap.x86_64 14:1.5.3-11.el7 librados2.x86_64 1:0.94.5-2.el7 librbd1.x86_64 1:0.94.5-2.el7 libref_array.x86_64 0:0.1.5-29.el7 libtirpc.x86_64 0:0.2.4-0.10.el7 libverto-libevent.x86_64 0:0.2.5-4.el7 libvirt-client.x86_64 0:3.9.0-14.el7_5.2 libvirt-daemon.x86_64 0:3.9.0-14.el7_5.2 libvirt-daemon-config-network.x86_64 0:3.9.0-14.el7_5.2 libvirt-daemon-config-nwfilter.x86_64 0:3.9.0-14.el7_5.2 libvirt-daemon-driver-interface.x86_64 0:3.9.0-14.el7_5.2 libvirt-daemon-driver-lxc.x86_64 0:3.9.0-14.el7_5.2 libvirt-daemon-driver-network.x86_64 0:3.9.0-14.el7_5.2 libvirt-daemon-driver-nodedev.x86_64 0:3.9.0-14.el7_5.2 libvirt-daemon-driver-nwfilter.x86_64 0:3.9.0-14.el7_5.2 libvirt-daemon-driver-qemu.x86_64 0:3.9.0-14.el7_5.2 libvirt-daemon-driver-secret.x86_64 0:3.9.0-14.el7_5.2 libvirt-daemon-driver-storage.x86_64 0:3.9.0-14.el7_5.2 libvirt-daemon-driver-storage-core.x86_64 0:3.9.0-14.el7_5.2 libvirt-daemon-driver-storage-disk.x86_64 0:3.9.0-14.el7_5.2 libvirt-daemon-driver-storage-gluster.x86_64 0:3.9.0-14.el7_5.2 libvirt-daemon-driver-storage-iscsi.x86_64 0:3.9.0-14.el7_5.2 libvirt-daemon-driver-storage-logical.x86_64 0:3.9.0-14.el7_5.2 libvirt-daemon-driver-storage-mpath.x86_64 0:3.9.0-14.el7_5.2 libvirt-daemon-driver-storage-rbd.x86_64 0:3.9.0-14.el7_5.2 libvirt-daemon-driver-storage-scsi.x86_64 0:3.9.0-14.el7_5.2 libvirt-libs.x86_64 0:3.9.0-14.el7_5.2 lzop.x86_64 0:1.03-10.el7 netcf-libs.x86_64 0:0.2.8-4.el7 nettle.x86_64 0:2.7.1-8.el7 nfs-utils.x86_64 1:1.3.0-0.54.el7 nmap-ncat.x86_64 2:6.40-13.el7 numad.x86_64 0:0.5-18.20150602git.el7 qemu-img.x86_64 10:1.5.3-156.el7 quota.x86_64 1:4.01-17.el7 quota-nls.noarch 1:4.01-17.el7 radvd.x86_64 0:1.9.2-9.el7 rpcbind.x86_64 0:0.2.0-44.el7 tcp_wrappers.x86_64 0:7.6-77.el7 trousers.x86_64 0:0.3.14-2.el7 unbound-libs.x86_64 0:1.6.6-1.el7 yajl.x86_64 0:2.0.4-4.el7 Complete! [root@localhost ~]# rpm -V libvirt-daemon-config-nwfilter [root@localhost ~]# service libvirtd start Redirecting to /bin/systemctl start libvirtd.service [root@localhost ~]# rpm -V libvirt-daemon-config-nwfilter .M....... g /etc/libvirt/nwfilter/allow-arp.xml .M....... g /etc/libvirt/nwfilter/allow-dhcp-server.xml .M....... g /etc/libvirt/nwfilter/allow-dhcp.xml .M....... g /etc/libvirt/nwfilter/allow-incoming-ipv4.xml .M....... g /etc/libvirt/nwfilter/allow-ipv4.xml .M....... g /etc/libvirt/nwfilter/clean-traffic.xml .M....... g /etc/libvirt/nwfilter/no-arp-ip-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-arp-mac-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-arp-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-ip-multicast.xml .M....... g /etc/libvirt/nwfilter/no-ip-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-mac-broadcast.xml .M....... g /etc/libvirt/nwfilter/no-mac-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-other-l2-traffic.xml .M....... g /etc/libvirt/nwfilter/no-other-rarp-traffic.xml .M....... g /etc/libvirt/nwfilter/qemu-announce-self-rarp.xml .M....... g /etc/libvirt/nwfilter/qemu-announce-self.xml (Originally by Ryan Barry)
Deferring because we need a platform fix (Originally by Ryan Barry)
Test version: rhvh-4.2.4.3-0.20180621.0+1 libvirt-3.9.0-14.el7_5.6.x86_64 imgbased-1.0.20-0.1.el7ev.noarch Test steps: # rpm -V libvirt-daemon-config-nwfilter .M....... g /etc/libvirt/nwfilter/allow-arp.xml .M....... g /etc/libvirt/nwfilter/allow-dhcp-server.xml .M....... g /etc/libvirt/nwfilter/allow-dhcp.xml .M....... g /etc/libvirt/nwfilter/allow-incoming-ipv4.xml .M....... g /etc/libvirt/nwfilter/allow-ipv4.xml .M....... g /etc/libvirt/nwfilter/clean-traffic.xml .M....... g /etc/libvirt/nwfilter/no-arp-ip-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-arp-mac-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-arp-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-ip-multicast.xml .M....... g /etc/libvirt/nwfilter/no-ip-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-mac-broadcast.xml .M....... g /etc/libvirt/nwfilter/no-mac-spoofing.xml .M....... g /etc/libvirt/nwfilter/no-other-l2-traffic.xml .M....... g /etc/libvirt/nwfilter/no-other-rarp-traffic.xml .M....... g /etc/libvirt/nwfilter/qemu-announce-self-rarp.xml .M....... g /etc/libvirt/nwfilter/qemu-announce-self.xml Test result: RPM verify fails with the file mode error. So change bug status to ASSIGNED.
Chen, can you please re-test with the latest build based on RHEL 7.6?
Test version: redhat-virtualization-host-4.2-20180918.0 libvirt-4.5.0-9.el7.x86_64 imgbased-1.0.25-1.el7ev.noarch Test steps: # rpm -V libvirt-daemon-config-nwfilter # # rpm -qa | grep libvirt libvirt-daemon-driver-storage-disk-4.5.0-9.el7.x86_64 libvirt-bash-completion-4.5.0-9.el7.x86_64 libvirt-client-4.5.0-9.el7.x86_64 libvirt-daemon-driver-network-4.5.0-9.el7.x86_64 libvirt-daemon-driver-storage-core-4.5.0-9.el7.x86_64 libvirt-daemon-driver-storage-mpath-4.5.0-9.el7.x86_64 libvirt-daemon-config-nwfilter-4.5.0-9.el7.x86_64 libvirt-libs-4.5.0-9.el7.x86_64 libvirt-daemon-driver-nwfilter-4.5.0-9.el7.x86_64 libvirt-daemon-driver-interface-4.5.0-9.el7.x86_64 libvirt-daemon-config-network-4.5.0-9.el7.x86_64 libvirt-daemon-driver-qemu-4.5.0-9.el7.x86_64 libvirt-daemon-driver-storage-logical-4.5.0-9.el7.x86_64 libvirt-daemon-driver-storage-4.5.0-9.el7.x86_64 libvirt-daemon-kvm-4.5.0-9.el7.x86_64 libvirt-python-4.5.0-1.el7.x86_64 libvirt-daemon-driver-secret-4.5.0-9.el7.x86_64 libvirt-daemon-driver-lxc-4.5.0-9.el7.x86_64 libvirt-daemon-driver-storage-scsi-4.5.0-9.el7.x86_64 libvirt-daemon-driver-storage-rbd-4.5.0-9.el7.x86_64 libvirt-4.5.0-9.el7.x86_64 libvirt-lock-sanlock-4.5.0-9.el7.x86_64 libvirt-daemon-driver-storage-iscsi-4.5.0-9.el7.x86_64 libvirt-daemon-driver-storage-gluster-4.5.0-9.el7.x86_64 libvirt-daemon-4.5.0-9.el7.x86_64 libvirt-daemon-driver-nodedev-4.5.0-9.el7.x86_64 # cat /etc/os-release NAME="Red Hat Enterprise Linux" VERSION="7.6" VERSION_ID="7.6" ID="rhel" ID_LIKE="fedora" VARIANT="Red Hat Virtualization Host" VARIANT_ID="ovirt-node" PRETTY_NAME="Red Hat Virtualization Host 4.2.7 (el7.6)" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:redhat:enterprise_linux:7.6:beta:hypervisor" HOME_URL="https://www.redhat.com/" BUG_REPORT_URL="https://bugzilla.redhat.com/" # FIXME REDHAT_BUGZILLA_PRODUCT="Red Hat Virtualization" REDHAT_BUGZILLA_PRODUCT_VERSION=7.6 REDHAT_SUPPORT_PRODUCT="Red Hat Virtualization" REDHAT_SUPPORT_PRODUCT_VERSION=7.6 # Test result: rpm verify successful, so the bug is fixed, change bug status to verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:3470
sync2jira