Description of problem: engine-cleanup was executed to remove only "WebSocket proxy". === Do you want to remove all components? (Yes, No) [Yes]: No Do you want to remove Core files? (Yes, No) [No]: Do you want to remove PKI keys? (Yes, No) [No]: Do you want to remove ovirt-provider-ovn configuration files? (Yes, No) [No]: Do you want to remove Apache SSL configuration? (Yes, No) [No]: Do you want to remove PKI configuration? (Yes, No) [No]: Do you want to remove VMConsole Helper PKI keys? (Yes, No) [No]: Do you want to remove Versionlock Plugin Configuration? (Yes, No) [No]: Do you want to remove YUM version locking configuration? (Yes, No) [No]: Do you want to remove DWH files? (Yes, No) [No]: Do you want to remove VMConsole PKI Proxy keys? (Yes, No) [No]: Do you want to remove the engine? (Yes, No) [No]: Do you want to remove DWH DB content? All data will be lost (Yes, No) [No]: Do you want to remove the Image I/O Proxy? (Yes, No) [No]: Do you want to remove the WebSocket proxy? (Yes, No) [No]: Yes ==== Answer "No" was provided for the removal of core, PKI,OVN, etc. However, these options were ignored by the engine-cleanup and it removed all the files listed in uninstall.conf. ==== 2019-11-18 13:25:21,839-0500 DEBUG otopi.context context.dumpEnvironment:741 ENV OVESETUP_REMOVE/filesToRemove=set:'set(['/etc/pki/ovirt-engine/keys/reports.key.nopass', '/etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf', '/etc/httpd/conf.d/ovirt-engine-root-redirect.conf', '/etc/pki/ovirt-engine/cacert.conf', '/etc/httpd/conf.d/z-ovirt-engine-proxy.conf',................................................................................... '/etc/ovirt-engine/ovirt-vmconsole-proxy-helper.conf.d/10-setup.conf', '/etc/pki/ovirt-engine/keys/vmconsole-proxy-helper.p12', '/etc/pki/ovirt-vmconsole/proxy-ssh_user_rsa', '/etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer'])' --== SUMMARY ==-- Engine setup successfully cleaned up Core files files not removed PKI keys files not removed ovirt-provider-ovn configuration files files not removed Apache SSL configuration files not removed PKI configuration files not removed VMConsole Helper PKI keys files not removed Versionlock Plugin Configuration files not removed YUM version locking configuration files not removed DWH files files not removed VMConsole PKI Proxy keys files not removed --== END OF SUMMARY ==-- # ls -l /etc/pki/ovirt-engine/cacert.conf ls: cannot access /etc/pki/ovirt-engine/cacert.conf: No such file or directory ======= Although the engine-cleanup asks the user the options, it never uses that for selecting the files to remove and takes everything from uninstall.conf. osetupcons.RemoveEnv.REMOVE_GROUPS is not considered while setting "self._toremove". ======= /usr/share/ovirt-engine/setup/plugins/ovirt-engine-remove/base/files/simple.py 204 if group not in self.environment[ 205 osetupcons.RemoveEnv.REMOVE_SPEC_OPTION_GROUP_LIST 206 ]: 207 add_group = dialog.queryBoolean( 208 dialog=self.dialog, 209 name='OVESETUP_REMOVE_GROUP/' + group, 210 note=_( 211 'Do you want to remove {description}? ' 212 '(@VALUES@) [@DEFAULT@]: ' 213 ).format( 214 description=description, 215 ), 216 prompt=True, 217 true=_('Yes'), 218 false=_('No'), 219 default=False, 220 ) 221 if add_group: 222 self.environment[ 223 osetupcons.RemoveEnv. 224 REMOVE_GROUPS 225 ] += ',' + group 226 227 self._toremove = set([ 228 name 229 for name, info in self.environment[ 230 osetupcons.CoreEnv.UNINSTALL_FILES_INFO 231 ].items() 232 if 'unremovable' not in info['groups'] 233 ]) ======= It looks like the change https://gerrit.ovirt.org/#/c/95492/ caused this bug. Version-Release number of selected component (if applicable): ovirt-engine-setup-base-4.3.6.7-0.1.el7.noarch How reproducible: 100% Steps to Reproduce: 1. Run engine-cleanup and select only to remove one component like WebSocket proxy or Image I/O Proxy. 2. The cleanup script will remove all the configuration files listed in uninstall.conf. 3. Actual results: engine-cleanup is removing all files listed in "uninstall.conf" irrespective of the options provided. Expected results: engine-cleanup should consider the options provided by the user. Additional info:
I am going to fix current bug, but please note that partial cleanup is not supported, see also bug 1060529 (closed deferred). In particular, e.g.: - Files that engine-setup _changed_ (as opposed to fully-wrote) are still reverted (and not asked about) - Services are stopped and disabled - All uninstall files are removed (which prevents a future engine-setup/engine-cleanup from knowing what previous engine-setups did) So, bottom line: All you get from current bug fix is what was asked for - to only remove file groups that the user asked to remove. Sorry for the regression introduced by https://gerrit.ovirt.org/#/c/95492/ . It was definitely accidental, despite partial cleanup not being supported.
Thank you for the quick fix. (In reply to Yedidyah Bar David from comment #3) > I am going to fix current bug, but please note that partial cleanup is not > supported, see also bug 1060529 (closed deferred). > Just talking in a user point of view, if it's not supported why we are giving options to remove individual components while running the engine-cleanup? If partial cleanup is not supported, we should just ask one confirmation and blow everything instead of asking the user what to remove.
(In reply to nijin ashok from comment #4) > Thank you for the quick fix. > > (In reply to Yedidyah Bar David from comment #3) > > I am going to fix current bug, but please note that partial cleanup is not > > supported, see also bug 1060529 (closed deferred). > > > > Just talking in a user point of view, if it's not supported why we are > giving options to remove individual components while running the > engine-cleanup? I am not sure, that's a good question. I guess we simply arrived at a stable point during development of bug 1060529 and decided to expose it, despite not being complete. I think I'll now add a note about this. Pushed this: https://gerrit.ovirt.org/105239 I wonder if I should instead add warn/text to the question "remove all?" itself. > If partial cleanup is not supported, we should just ask one > confirmation and blow everything instead of asking the user what to remove. Perhaps. BTW, bug 1060529 was opened mainly for moving DWH (and also Reports, at the time) to a separate machine. Since this was the only realistic use-case, and we solved it easily using documentation, there was never pressure to complete it. In the 3 years between the last useful patch for it and it being closed, no-one asked to get it solved.
(In reply to Yedidyah Bar David from comment #5) > BTW, bug 1060529 was opened mainly for moving DWH (and also Reports, at the > time) > to a separate machine. Since this was the only realistic use-case, and we > solved > it easily using documentation, there was never pressure to complete it. In > the 3 > years between the last useful patch for it and it being closed, no-one asked > to > get it solved. The user who faced the current issue(attached case) was removing websocket proxy as it was using insecure ciphers and they were not actually using the webscocket functionality. Thank you for adding a warning in the cleanup process and I think it will be a temporary measure to avoid the users running partial cleanup.
Removing the warning patch and moving to MODIFIED.
INFO: Bug status wasn't changed from MODIFIED to ON_QA due to the following reason: [Tag 'ovirt-engine-4.3.8.0' doesn't contain patch 'https://gerrit.ovirt.org/105239'] gitweb: https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=shortlog;h=refs/tags/ovirt-engine-4.3.8.0 For more info please contact: rhv-devops
(In reply to RHV Bugzilla Automation and Verification Bot from comment #9) > INFO: Bug status wasn't changed from MODIFIED to ON_QA due to the following > reason: > > [Tag 'ovirt-engine-4.3.8.0' doesn't contain patch > 'https://gerrit.ovirt.org/105239'] It indeed wasn't merged to 4.3 yet. Moving to QE anyway, that patch is not mandatory (and links current bug with 'Related-To', not 'Bug-Url').
INFO: Bug status (ON_QA) wasn't changed but the folowing should be fixed: [Tag 'ovirt-engine-4.3.8.1' doesn't contain patch 'https://gerrit.ovirt.org/105239'] gitweb: https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=shortlog;h=refs/tags/ovirt-engine-4.3.8.1 For more info please contact: rhv-devops
Verified on ovirt-engine-4.3.8.1-0.1.master.el7.noarch Is there a reason why the warning message is still not in the build? Maybe you can consider removing that patch from this bug.
(In reply to Petr Matyáš from comment #13) > Verified on ovirt-engine-4.3.8.1-0.1.master.el7.noarch > > Is there a reason why the warning message is still not in the build? Maybe > you can consider removing that patch from this bug. I decided to open for this bug 1781095. For some reason when I press the "garbage" icon next to it, this does nothing, didn't check why.
INFO: Bug status (VERIFIED) wasn't changed but the folowing should be fixed: [Tag 'ovirt-engine-4.3.8.2' doesn't contain patch 'https://gerrit.ovirt.org/105847'] gitweb: https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=shortlog;h=refs/tags/ovirt-engine-4.3.8.2 For more info please contact: rhv-devops
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:0498