Description of problem:
VDSM has a dependency on `fence-agents-all`
If other packages, which are not needed by VDSM, needs to be removed,
telnet for example, VDSM will be pulled as a dependency and will remove
[root@rhvh43 ~]# yum remove telnet
Package Arch Version Repository Size
telnet x86_64 1:0.17-64.el7 installed 113 k
Removing for dependencies:
cockpit-ovirt-dashboard noarch 0.13.1-2.el7ev installed 16 M
fence-agents-all x86_64 4.2.1-11.el7_6.8 installed 0.0
fence-agents-apc x86_64 4.2.1-11.el7_6.8 installed 9.3 k
fence-agents-bladecenter x86_64 4.2.1-11.el7_6.8 installed 4.9 k
fence-agents-brocade x86_64 4.2.1-11.el7_6.8 installed 4.4 k
fence-agents-drac5 x86_64 4.2.1-11.el7_6.8 installed 6.8 k
fence-agents-hpblade x86_64 4.2.1-11.el7_6.8 installed 5.5 k
fence-agents-ilo-moonshot x86_64 4.2.1-11.el7_6.8 installed 3.2 k
fence-agents-ilo-mp x86_64 4.2.1-11.el7_6.8 installed 2.8 k
fence-agents-ilo-ssh x86_64 4.2.1-11.el7_6.8 installed 14 k
fence-agents-rsa x86_64 4.2.1-11.el7_6.8 installed 3.4 k
fence-agents-rsb x86_64 4.2.1-11.el7_6.8 installed 3.9 k
fence-agents-wti x86_64 4.2.1-11.el7_6.8 installed 9.3 k
ovirt-host x86_64 4.3.3-1.el7ev installed 11 k
ovirt-host-dependencies x86_64 4.3.3-1.el7ev installed 11 k
ovirt-hosted-engine-ha noarch 2.3.1-1.el7ev installed 1.8 M
ovirt-hosted-engine-setup noarch 2.3.9-1.el7ev installed 1.4 M
ovirt-provider-ovn-driver noarch 1.2.22-1.el7ev installed 70 k
redhat-release-virtualization-host-content x86_64 4.3-0.8.el7 installed 0.0
vdsm x86_64 4.30.17-1.el7ev installed 185 k
vdsm-gluster x86_64 4.30.17-1.el7ev installed 261 k
vdsm-hook-ethtool-options noarch 4.30.17-1.el7ev installed 5.6 k
vdsm-hook-fcoe noarch 4.30.17-1.el7ev installed 6.5 k
vdsm-hook-vmfex-dev noarch 4.30.17-1.el7ev installed 21 k
Remove 1 Package (+24 Dependent packages)
Installed size: 19 M
Is this ok [y/N]: n
Version-Release number of selected component (if applicable):
4.3 RHV-H (rhvh-18.104.22.168-0.20190610.0+1)
Steps to Reproduce:
1. yum remove telnet
2. vdsm will be pulled as a dependency among others
Host will not work under RHV
Removing VDSM unrelated packages shouldn't trigger this behavior.
As an example, FIPS 140-2 compliance requires telnet service to be disable
/ removed. Removing telnet from a host will remove fence-agents and vdsm,
among others, as dependencies.
We should have some sort of lock on vdsm to avoid this scenario
Martin, do you think we can really remove the dependency?
(In reply to Simone Tiraboschi from comment #4)
> Martin, do you think we can really remove the dependency?
It's not that easy, right now we depend on fence-agents-all so we know that each up-to-date host always has all required and updated fence agents. Currently in RHV 4.3 we support following fence agents:
So to maintain current functionality we would need to depend on 14 packages instead of 1:
That's not such a big problem until we will add new supported agent (which will happen in 4.4, when we introduce support for redfish): because we can't be sure that all hosts in cluster/datacenter are updated into latest version, so new supported agent is installed, fencing operation might not be successful, so host will stay non-responsive.
But even with above change we will not get rid of telnet, because apc fence agent depends on it, so we would need to remove support for APC fence agent, which doesn't seem to me as a good idea.
Martin, what do you think?
Moving to virt, not really a node team issue. this will affect plain RHEL deployments as well when removing telnet after host is deployed.
Moving to Infra to track fencing