Description of problem: when ovirt-hosted-engine-ha installed it create its sudoers file which grants to vsdm user permission to control vdsm and sanlock services. in file /etc/sudoers.d/60_ovirt-ha: Cmnd_Alias OVIRT_HA = \ /usr/sbin/service vdsmd *, \ /usr/sbin/service sanlock *, \ /sbin/losetup --find --show --sizelimit=* /var/lib/ovirt-hosted-engine-ha/*, \ /sbin/losetup --detach /dev/loop*, \ /sbin/mkfs -t * /dev/loop*, \ /usr/bin/mount /dev/loop* *, \ /usr/bin/umount *, \ /bin/mv -b -f -Z /var/lib/ovirt-hosted-engine-ha/* /etc/ovirt-hosted-engine/hosted-engine.conf, \ /usr/bin/chown -R vdsm /var/lib/ovirt-hosted-engine-ha/*, \ /usr/bin/chown root\:root /etc/ovirt-hosted-engine/hosted-engine.conf, \ /usr/bin/chmod 644 /etc/ovirt-hosted-engine/hosted-engine.conf, \ /usr/sbin/persist /etc/ovirt-hosted-engine/hosted-engine.conf, \ /usr/sbin/unpersist /etc/ovirt-hosted-engine/hosted-engine.conf "service" command only used for checking service status, so it doesn't require sudo.
Cmnd_Alias OVIRT_HA = \ /sbin/losetup --find --show --sizelimit=* /var/lib/ovirt-hosted-engine-ha/*, \ /sbin/losetup --detach /dev/loop*, \ /sbin/mkfs -t * /dev/loop*, \ /usr/bin/mount /dev/loop* *, \ /usr/bin/umount *, \ /bin/mv -b -f -Z /var/lib/ovirt-hosted-engine-ha/* /etc/ovirt-hosted-engine/hosted-engine.conf, \ /usr/bin/chown -R vdsm /var/lib/ovirt-hosted-engine-ha/*, \ /usr/bin/chown root\:root /etc/ovirt-hosted-engine/hosted-engine.conf, \ /usr/bin/chmod 644 /etc/ovirt-hosted-engine/hosted-engine.conf, \ /usr/sbin/persist /etc/ovirt-hosted-engine/hosted-engine.conf, \ /usr/sbin/unpersist /etc/ovirt-hosted-engine/hosted-engine.conf vdsm ALL=(ALL) NOPASSWD: OVIRT_HA /etc/sudoers.d/60_ovirt-ha (END) Works for me on latest Software Version:4.4.1.7-0.3.el8ev. ovirt-hosted-engine-ha-2.4.4-1.el8ev.noarch ovirt-hosted-engine-setup-2.4.5-1.el8ev.noarch Linux 4.18.0-193.12.1.el8_2.x86_64 #1 SMP Thu Jul 2 15:48:14 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux Red Hat Enterprise Linux release 8.2 (Ootpa) Reported issue no longer exists.
This bugzilla is included in oVirt 4.4.1 release, published on July 8th 2020. Since the problem described in this bug report should be resolved in oVirt 4.4.1 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.