Bug 1835650
| Summary: | [security] selecting STIG profile cause host to be unusable due to indirect dependency on telnet | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Wei Wang <weiwang> |
| Component: | vdsm | Assignee: | Eli Mesika <emesika> |
| Status: | CLOSED ERRATA | QA Contact: | Wei Wang <weiwang> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 4.4.0 | CC: | bugs, cshao, eslutsky, hhaberma, lleistne, lsurette, mavital, michal.skrivanek, mkalinin, mperina, mtessun, nlevy, peyu, qiyuan, sbonazzo, schandle, sgrubb, shlei, srevivo, timothy.s.swan.ctr, weiwang, yaniwang, ycui, yturgema |
| Target Milestone: | ovirt-4.4.3 | Keywords: | ZStream |
| Target Release: | --- | Flags: | weiwang:
testing_plan_complete+
|
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | vdsm-4.40.35 | Doc Type: | No Doc Update |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-11-24 13:11:27 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1729222 | ||
| Bug Blocks: | 1833254, 1867158 | ||
|
Comment 3
Sandro Bonazzola
2020-05-19 07:52:20 UTC
rpm -e fence-agents-all error: Failed dependencies: fence-agents-all is needed by (installed) vdsm-4.40.16-1.el8.x86_64 moving to vdsm To me the STIG profile is the issue. telnet package contains the telnet client, which is needed for several fencing-agents. What you don't want to have is the telnet-server from my pov. telnet.x86_64 : The client program for the Telnet remote login protocol telnet-server.x86_64 : The server program for the Telnet remote login protocol You cannot remove telnet from the fence-agents, as quite some connections are telnet based - so you would need to remove these fencing-agents (Would include HP ILO as well as lots of APC fence-agents) QE have added the test case to Polarion, but it cannot be automated. We need to add requirement for fence-agents-4.2.1-53.el8_3.1 into VDSM The vdsm package is vdsm-4.40.33-1.el8ev.x86_64 in the latest rhvh build RHVH-4.4-20201020.5-RHVH-x86_64-dvd1.iso. QE will verify this bug after getting the vdsm-4.40.35 package build. Test Version RHVH-4.4-20201026.1-RHVH-x86_64-dvd1.iso [root@hp-dl388g9-04 ~]# rpm -qa|grep vdsm vdsm-yajsonrpc-4.40.35-1.el8ev.noarch vdsm-http-4.40.35-1.el8ev.noarch vdsm-network-4.40.35-1.el8ev.x86_64 vdsm-common-4.40.35-1.el8ev.noarch vdsm-python-4.40.35-1.el8ev.noarch vdsm-client-4.40.35-1.el8ev.noarch vdsm-api-4.40.35-1.el8ev.noarch vdsm-hook-vhostmd-4.40.35-1.el8ev.noarch vdsm-hook-openstacknet-4.40.35-1.el8ev.noarch vdsm-jsonrpc-4.40.35-1.el8ev.noarch Test Steps: According to comment 0 Test Result: [root@hp-dl388g9-04 ~]# rpm -qa|grep cockpit-ovirt-dashboard [root@hp-dl388g9-04 ~]# rpm -qa|grep telnet [root@hp-dl388g9-04 ~]# rpm -qa|grep ovirt-hosted-engine-setup [root@hp-dl388g9-04 ~]# rpm -qa|grep ovirt-hosted-engine "telnet-server" and packages related to hosted-engine deployment are all missed. Bug is not fixed, move the status to "ASSIGNED" (In reply to Wei Wang from comment #14) please provide the following from the failing env : 1) OS version 2) fence-agents-all version 3) libvirt* version Test with RHVH-4.4-20201029.0-RHVH-x86_64-dvd1.iso, all the packages related to hosted engine are installed. [root@hp-dl388g9-04 ~]# rpm -qa|grep cockpit-ovirt-dashboard cockpit-ovirt-dashboard-0.14.12-1.el8ev.noarch [root@hp-dl388g9-04 ~]# rpm -qa|grep ovirt-hosted-engine ovirt-hosted-engine-setup-2.4.8-1.el8ev.noarch ovirt-hosted-engine-ha-2.4.5-1.el8ev.noarch [root@hp-dl388g9-04 ~]# rpm -qa|grep vdsm* vdsm-api-4.40.35.1-1.el8ev.noarch vdsm-hook-vhostmd-4.40.35.1-1.el8ev.noarch vdsm-jsonrpc-4.40.35.1-1.el8ev.noarch vdsm-gluster-4.40.35.1-1.el8ev.x86_64 vdsm-common-4.40.35.1-1.el8ev.noarch vdsm-python-4.40.35.1-1.el8ev.noarch vdsm-hook-openstacknet-4.40.35.1-1.el8ev.noarch vdsm-client-4.40.35.1-1.el8ev.noarch vdsm-4.40.35.1-1.el8ev.x86_64 vdsm-http-4.40.35.1-1.el8ev.noarch vdsm-hook-ethtool-options-4.40.35.1-1.el8ev.noarch vdsm-network-4.40.35.1-1.el8ev.x86_64 vdsm-hook-fcoe-4.40.35.1-1.el8ev.noarch vdsm-yajsonrpc-4.40.35.1-1.el8ev.noarch vdsm-hook-vmfex-dev-4.40.35.1-1.el8ev.noarch [root@hp-dl388g9-04 ~]# rpm -qa|grep fence-agents-all fence-agents-all-4.2.1-53.el8_3.1.x86_64 QE will verify this bug after dev move the status to "ON_QA" According to comment 21, move status to "VERIFIED". Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (RHV RHEL Host (ovirt-host) 4.4.z [ovirt-4.4.3]), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:5213 |