Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1694034

Summary: Hosted engine deploy failed with RHVH STIG security profile
Product: [oVirt] ovirt-ansible-collection Reporter: Wei Wang <weiwang>
Component: hosted-engine-setup Assignee: Ido Rosenzwig <irosenzw>
Status: CLOSED CURRENTRELEASE QA Contact: Wei Wang <weiwang>
Severity: urgent Docs Contact: Tahlia Richardson <trichard>
Priority: urgent    
Version: unspecified CC: bugs, cshao, huzhao, jikwang, qiyuan, sbonazzo, sborella, stirabos, weiwang, yaniwang, ycui, yturgema, yunyang
Target Milestone: ovirt-4.3.3 Flags: sbonazzo: ovirt-4.3?, cshao: testing_ack+
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ovirt-ansible-hosted-engine-setup-1.0.15 Doc Type: Bug Fix
Doc Text:
This fix updates the appliance password hash algorithm to SHA-256.
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-04-16 13:58:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Integration RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1591693    
Attachments:
Description Flags
Log file none

Description Wei Wang 2019-03-29 10:46:02 UTC
Created attachment 1549408
Log file

Description of problem:
Hosted engine deployment fails when STIG is selected as the RHVH security profile.
During the installation, if a user selects "STIG for Red Hat Virtualization Hypervisor" as the security profile, it disables SSH root login by adding "PermitRootLogin No" to the sshd_config. When deploying HE, it fails at the "Hash the appliance root password" Ansible task, whether root login is enabled or not.

ovirt-hosted-engine-setup-ansible-bootstrap_local_vm-2019229172024-9gswwx.log
2019-03-29 17:24:38,530+0800 ERROR ansible failed {'status': 'FAILED', 'ansible_type': 'task', 'ansible_task': u'Hash the appliance root password', 'ansible_result': u'type: <type \'dict\'>\nstr: {\'changed\': True, \'censored\': "the output has been hidden due to the fact that \'no_log: true\' was specified for this result"}', 'task_duration': 1, 'ansible_host': u'localhost', 'ansible_playbook': u'/usr/share/ovirt-hosted-engine-setup/ansible/trigger_role.yml'}

Version-Release number of selected component (if applicable):
RHVH-4.3-20190328.0-RHVH-x86_64-dvd1.iso
cockpit-system-176-4.el7.noarch
cockpit-ws-176-4.el7.x86_64
cockpit-bridge-176-4.el7.x86_64
cockpit-storaged-176-4.el7.noarch
cockpit-ovirt-dashboard-0.12.6-1.el7ev.noarch
cockpit-machines-ovirt-176-4.el7.noarch
cockpit-dashboard-176-4.el7.x86_64
cockpit-176-4.el7.x86_64
ovirt-hosted-engine-setup-2.3.7-1.el7ev.noarch
ovirt-hosted-engine-ha-2.3.1-1.el7ev.noarch
rhvm-appliance-4.3-20190328.1.el7.rpm

How reproducible:
100%

Steps to Reproduce:
1. Clean install RHVH-4.3-20190328.0-RHVH-x86_64-dvd1.iso
2. Select "security profile" as "STIG for Red Hat Virtualization Hypervisor" while installing RHV-H.
3. Check that the "PermitRootLogin" value is "no" in the sshd_config.
4. Deploy hosted-engine via cockpit UI

Actual results:
Hosted engine deployment fails when STIG is selected as the RHVH security profile.

Expected results:
Hosted engine deploys successfully when STIG is selected as the RHVH security profile.


Additional info:
1. The bug cannot be reproduced with a normal RHVH installation.
2. If the "PermitRootLogin" value is changed to "yes" in the sshd_config, the bug can be reproduced.

Comment 4 Wei Wang 2019-04-10 03:42:12 UTC
Test Version
RHVH-4.3-20190404.1-RHVH-x86_64-dvd1.iso
cockpit-system-176-4.el7.noarch
cockpit-ws-176-4.el7.x86_64
cockpit-bridge-176-4.el7.x86_64
cockpit-storaged-176-4.el7.noarch
cockpit-ovirt-dashboard-0.12.7-1.el7ev.noarch
cockpit-machines-ovirt-176-4.el7.noarch
cockpit-dashboard-176-4.el7.x86_64
cockpit-176-4.el7.x86_64
ovirt-hosted-engine-ha-2.3.1-1.el7ev.noarch
ovirt-hosted-engine-setup-2.3.7-1.el7ev.noarch
rhvm-appliance-4.3-20190404.1.el7.x86_64

Test Steps:
According to comment 0

Result:
Hosted engine deploys successfully when STIG is selected as the RHVH security profile.

Bug is fixed, move it to "VERIFIED"

Comment 5 Sandro Bonazzola 2019-04-16 13:58:27 UTC
This bugzilla is included in oVirt 4.3.3 release, published on April 16th 2019.

Since the problem described in this bug report should be resolved in oVirt 4.3.3 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.