+++ This bug is a downstream clone. The original bug is: +++ +++ bug 1594615 +++ ====================================================================== Description of problem: Trying to perform an upgrade from RHV 4.1.11 to RHV 4.2.3 which fails due to rh-postgresql95-postgresql unable to create pid file reporting permission denied errors. The RHV manager server runs with selinux in enforcing mode. Version-Release number of selected component (if applicable): ovirt-engine-4.1.11.2-0.1.el7.noarch ovirt-engine-setup-4.2.3.8-0.1.el7.noarch rh-postgresql95-postgresql-server-9.5.9-1.el7.x86_64 How reproducible: Always Steps to Reproduce: 1. yum update ovirt\*setup\* 2. engine-setup fails with below error [ INFO ] Upgrading PostgreSQL [ INFO ] PostgreSQL has been successfully upgraded, starting the new instance (rh-postgresql95-postgresql). [ ERROR ] Failed to execute stage 'Misc configuration': Failed to start service 'rh-postgresql95-postgresql' [ INFO ] Yum Performing yum transaction rollback [ INFO ] Rolling back to the previous PostgreSQL instance (postgresql). [ INFO ] Stage: Clean up Log file is located at /var/log/ovirt-engine/setup/ovirt-engine-setup-20180625105843-tdlb6n.log [ INFO ] Generating answer file '/var/lib/ovirt-engine/setup/answers/20180625110214-setup.conf' [ INFO ] Stage: Pre-termination [ INFO ] Stage: Termination [ ERROR ] Execution of setup failed 3. selinux errors reported due to [2] (check audit.log attachment) 4. Try to add the exception using ausearch -c 'postgres' --raw | audit2allow -M my-postgres semodule -i my-postgres.pp Actual results: Fails with permission denied errors. Expected results: To complete the update to RHV 4.2 Additional info: (Originally by Ribu Abraham)
This seems similar to bug 1518253. Can you try if running 'yum reinstall rh-postgresql95-runtime' resolves the issue? (Originally by Ondra Machacek)
(In reply to Ondra Machacek from comment #5) > This seems similar to bug 1518253. Can you try if running 'yum reinstall > rh-postgresql95-runtime' resolves the issue? Hi , It worked for me after doing a reinstall of the package again. Ribu (Originally by Ribu Abraham)
If it's indeed fully reproducible, might try again to debug this - and open a bug on selinux policy and/or postgresql. At the time, we didn't manage to reproduce, thus made bug 1518253 a known issue. If we fail to reproduce, but still want a workaround, that's an option too. Please see the discussion on bug 1518253 and try to provide as many relevant details as possible, including: What state did you start from? Is this a new system, or upgraded from older ones (seems like < 7.3 seems to be relevant)? Was it rebooted, or not, during an upgrade process? Etc. (Originally by didi)
(In reply to Yedidyah Bar David from comment #7) > If it's indeed fully reproducible, might try again to debug this - and open > a bug on selinux policy and/or postgresql. > > At the time, we didn't manage to reproduce, thus made bug 1518253 a known > issue. > > If we fail to reproduce, but still want a workaround, that's an option too. > > Please see the discussion on bug 1518253 and try to provide as many relevant > details as possible, including: > > What state did you start from? Is this a new system, or upgraded from older > ones (seems like < 7.3 seems to be relevant)? > > Was it rebooted, or not, during an upgrade process? > > Etc. Based on the requested information. This is a fresh 4.1 install on RHEL 7.4 . The machine didn't require a reboot as there was no kernel update. The error on first try received for selinux has been attached for your information. (Originally by Ribu Abraham)
Ribu, thanks for the update, but this isn't enough - we already have this information in bug 1518253. "Reproducible" means you can provide this: 1. Cleanly install a machine with RHEL 2. ? 3. ? 4. ? 5. Get this error If you can't, I will sadly have to close this as a duplicate. If you can attach a sosreport, it might help too - although, as I said, we already spent quite some time on a real machine demonstrating this behavior but still failed to reproduce. Thanks. (Originally by didi)
(In reply to Yedidyah Bar David from comment #10) > Ribu, thanks for the update, but this isn't enough - we already have this > information in bug 1518253. "Reproducible" means you can provide this: > > 1. Cleanly install a machine with RHEL > 2. ? > 3. ? > 4. ? > 5. Get this error > > If you can't, I will sadly have to close this as a duplicate. > > If you can attach a sosreport, it might help too - although, as I said, we > already spent quite some time on a real machine demonstrating this behavior > but still failed to reproduce. Thanks. I have tried to recreate the issue for which it works for me at the moment based on a fresh install of RHEL 7 followed by RHV 4.1 setup and upgrade to 4.2. The issue for Postgres SELinux related errors no longer shows up Ribu (Originally by Ribu Abraham)
Decided to "fix" by making engine-setup check this and fail, with a message suggesting a workaround. Still not sure how to reproduce. For how I "reproduced" and verified, see my comment starting with "Verified by:" in gerrit: https://gerrit.ovirt.org/93147 If someone does manage to come up with a real reproducer, not involving zeroing out file_contexts.subs , I suggest to reopen bug 1518599, if you want. (Originally by didi)
This can be tested with 4.2 nightly: latest engine published there is currently ovirt-engine-4.2.6.1-0.0.master.20180801123732.git9367424.el7 which includes this fix.
ok upgrade to 4.2.6.0-1 without any problem May 30 13:51:11 Installed: ovirt-engine-4.1.11.2-0.1.el7.noarch Aug 14 15:29:11 Installed: ovirt-engine-4.2.6-0.1.el7ev.noarch
Didi With regard to the doc text, if this bug is a duplicate, does this mean I can use this part of the doc text from bug 1518253: To prevent this, reinstall the rh-postgresql95-runtime package by running 'yum reinstall rh-postgresql95-runtime', then run engine-setup again.
(In reply to Emma Heftman from comment #18) > Didi > With regard to the doc text, if this bug is a duplicate, does this mean I > can use this part of the doc text from bug 1518253: > > To prevent this, reinstall the rh-postgresql95-runtime package by running > 'yum reinstall rh-postgresql95-runtime', then run engine-setup again. Yes. We didn't fix the issue, because we failed to reproduce. The only change here is that the failure will be sooner, and with this message: [ INFO ] Verifying PostgreSQL SELinux file context rules [ ERROR ] SELinux file context rules for PostgreSQL are missing SELinux file context rules for PostgreSQL are missing. For more information, see: https://bugzilla.redhat.com/1518599 . You can try fixing this by running this command: # yum reinstall rh-postgresql95-runtime Then you can try running Setup again. [ ERROR ] Failed to execute stage 'Environment customization': SELinux file context rules for PostgreSQL are missing
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:2623