Description of problem: Currently (in 4.2), engine-setup and related utils save a set of files that track configuration files written by them, including an MD5 hash of the files fully-written by them. This information is used by engine-cleanup and by ovirt-engine-rename, and might be used in the future elsewhere, when deciding whether it's safe to assume that we can automatically remove/edit a file. We want to change the hash algorithm to be SHA256, mainly to allow being FIPS-compliant. Some of the work to do this was already done in current master branch, including : https://gerrit.ovirt.org/95408 - always read these files (not only in engine-cleanup), support also SHA256 (but do not use it yet) https://gerrit.ovirt.org/95492 - use the information read by previous patch in engine-cleanup https://gerrit.ovirt.org/96193 - Default to SHA256 for files written by engine-setup. This patch does not update the existing information, so is not enough for upgrade. The current decision is that we do not need/want to support moving existing setups to be FIPS-compliant, so that's ok. Still remaining is ovirt-engine-rename. It's currently broken. We have to change it to use the information from the first patch as well, instead of it having a partial copy of that code. Verification: engine-cleanup already prompts about files it wants to remove, if they were changed externally. Also ovirt-engine-rename prompts, about files it wants to modify, if they were changed externally. So make sure they continue to do this properly, including when the same file was manually modified between runs of engine-setup, and with changes done both in <= 4.2 and in 4.3 (current master). E.g. something like: 1. setup 4.2 engine 2. edit some file it wrote (e.g. /etc/ovirt-engine/ovirt-vmconsole-proxy-helper.conf.d/10-setup.conf . Can even just add an empty line). 3. Upgrade to 4.3 4. edit this file again 5. engine-cleanup and/or ovirt-engine-rename Make sure they both prompt about this file.
Setting doc text -, no need to provide many details here. We can briefly mention this in the FIPS tracker bug.
*** Bug 1613219 has been marked as a duplicate of this bug. ***
QE: See also bug 1613219 comment 2 and 4.
Anything blocking this bugfix verification?
I'm working on it right now, but I think I met an issue: I used steps from comment #0 with RHV 4.2 -> 4.3 upgrade [ INFO ] Stage: Initializing [ INFO ] Stage: Environment setup Configuration files: ['/etc/ovirt-engine-setup.conf.d/10-packaging-wsp.conf', '/etc/ovirt-engine-setup.conf.d/10-packaging.conf', '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf'] Log file: /var/log/ovirt-engine/setup/ovirt-engine-remove-20190214130018-mekscb.log Version: otopi-1.8.0 (otopi-1.8.0-1.el7ev) [ INFO ] Stage: Environment packages setup [ INFO ] Stage: Programs detection [ INFO ] Stage: Environment customization Do you want to remove all components? (Yes, No) [Yes]: [ ERROR ] Failed to execute stage 'Environment customization': 'changed' [ INFO ] Stage: Clean up Log file is located at /var/log/ovirt-engine/setup/ovirt-engine-remove-20190214130018-mekscb.log [ INFO ] Generating answer file '/var/lib/ovirt-engine/setup/answers/20190214130020-cleanup.conf' [ INFO ] Stage: Pre-termination [ INFO ] Stage: Termination [ ERROR ] Execution of cleanup failed Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/otopi/context.py", line 133, in _executeMethod method['method']() File "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-remove/base/files/simple.py", line 240, in _customization if info['changed'] KeyError: 'changed' during cleanup it failed on keyError attached also logs
Created attachment 1534783 [details] engine-cleanup log
Forgot mention version: ovirt-engine-setup-4.3.0.4-0.1.el7.noarch ovirt-engine-setup-base-4.3.0.4-0.1.el7.noarch ovirt-engine-setup-plugin-ovirt-engine-common-4.3.0.4-0.1.el7.noarch ovirt-engine-4.3.0.4-0.1.el7.noarch
(In reply to Petr Kubica from comment #5) > I'm working on it right now, but I think I met an issue: > > I used steps from comment #0 with RHV 4.2 -> 4.3 upgrade > > [ INFO ] Stage: Initializing > [ INFO ] Stage: Environment setup > Configuration files: > ['/etc/ovirt-engine-setup.conf.d/10-packaging-wsp.conf', > '/etc/ovirt-engine-setup.conf.d/10-packaging.conf', > '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf'] > Log file: > /var/log/ovirt-engine/setup/ovirt-engine-remove-20190214130018-mekscb.log > Version: otopi-1.8.0 (otopi-1.8.0-1.el7ev) > [ INFO ] Stage: Environment packages setup > [ INFO ] Stage: Programs detection > [ INFO ] Stage: Environment customization > Do you want to remove all components? (Yes, No) [Yes]: > [ ERROR ] Failed to execute stage 'Environment customization': 'changed' > [ INFO ] Stage: Clean up > Log file is located at > /var/log/ovirt-engine/setup/ovirt-engine-remove-20190214130018-mekscb.log > [ INFO ] Generating answer file > '/var/lib/ovirt-engine/setup/answers/20190214130020-cleanup.conf' > [ INFO ] Stage: Pre-termination > [ INFO ] Stage: Termination > [ ERROR ] Execution of cleanup failed > > Traceback (most recent call last): > File "/usr/lib/python2.7/site-packages/otopi/context.py", line 133, in > _executeMethod > method['method']() > File > "/usr/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-remove/base/files/ > simple.py", line 240, in _customization > if info['changed'] > KeyError: 'changed' > > > during cleanup it failed on keyError > attached also logs Already fixed in current master, see bug 1672251 comment 4.
Verified in ovirt-engine-4.3.2-0.1.el7.noarch
This bugzilla is included in oVirt 4.3.0 release, published on February 4th 2019. Since the problem described in this bug report should be resolved in oVirt 4.3.0 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.