Description of problem: When deploying HE on 4.4.1, deployment fails if OpenSCAP profile is applied: Do you want to apply a default OpenSCAP security profile (Yes, No) [No]: Yes [ ERROR ] fatal: [localhost -> amashah-rhvm44.rhev..com]: FAILED! => {"changed": false, "failures": ["No package ovirt-engine available."], "msg": "Failed to install some of the specified packages", "rc": 1, "results": []} Version-Release number of selected component (if applicable): 4.4.1 How reproducible: I tried 3 deployments when answering Yes to OpenSCAP profile, and two with answering No, all 3 attempts when saying Yes failed with the same failure to install packages message. Steps to Reproduce: 1. Deploy HE, select Yes when prompted for OpenSCAP profile Actual results: Deployment fails Expected results: Deployment succeeds Additional info: I will update the deployment log soon.
Asaf, sounds related to bug #1833254 can you please see if it's the same root cause?
Yes, seems it is the same root cause. I was able to reproduce it, when choosing to apply security profile, ovirt-engine and many other packages are missing from the engine VM.
depends on https://bugzilla.redhat.com/show_bug.cgi?id=1835650 which removes packages due to telnet removed via security profile. all the other are probably removed due to indirect dependency.
*** Bug 1871450 has been marked as a duplicate of this bug. ***
*** Bug 1847974 has been marked as a duplicate of this bug. ***
(In reply to Asaf Rachmani from comment #3) > Yes, seems it is the same root cause. > I was able to reproduce it, when choosing to apply security profile, > ovirt-engine and many other packages are missing from the engine VM. why is it failing exactly? This profile is set on the HE VM, correct? It's not supposed to have fence-agents-all installed like in bug 1835650 so it must be a different reason
Created attachment 1717529 [details] openscap-report (In reply to Michal Skrivanek from comment #12) > (In reply to Asaf Rachmani from comment #3) > > Yes, seems it is the same root cause. > > I was able to reproduce it, when choosing to apply security profile, > > ovirt-engine and many other packages are missing from the engine VM. > > why is it failing exactly? This profile is set on the HE VM, correct? It's > not supposed to have fence-agents-all installed like in bug 1835650 so it > must be a different reason ovirt-engine and many other packages are removed after OpenSCAP uninstalled gssproxy package (because they are dependent). Attached openscap-report
Created attachment 1717531 [details] openscap-report (In reply to Michal Skrivanek from comment #12) > (In reply to Asaf Rachmani from comment #3) > > Yes, seems it is the same root cause. > > I was able to reproduce it, when choosing to apply security profile, > > ovirt-engine and many other packages are missing from the engine VM. > > why is it failing exactly? This profile is set on the HE VM, correct? It's > not supposed to have fence-agents-all installed like in bug 1835650 so it > must be a different reason ovirt-engine and many other packages are removed after OpenSCAP uninstalled gssproxy package (because they are dependent). Attached openscap-report
# rpm -e gssproxy error: Failed dependencies: gssproxy >= 0.7.0-3 is needed by (installed) nfs-utils-1:2.3.3-31.el8.x86_64 # rpm -e nfs-utils error: Failed dependencies: nfs-utils is needed by (installed) ovirt-engine-setup-plugin-ovirt-engine-common-4.4.1.2-0.10.el8ev.noarch
any further work on this one or just a retest now that nfs-utils dep has been fixed?
(In reply to Michal Skrivanek from comment #19) > any further work on this one or just a retest now that nfs-utils dep has > been fixed? I am not aware of any other issues, let's try to retest. Still not sure about bug 1875363.
Works fine on these components: ovirt-hosted-engine-setup-2.4.8-1.el8ev.noarch ovirt-hosted-engine-ha-2.4.5-1.el8ev.noarch rhvm-appliance-4.4-20201111.0.el8ev.x86_64 rhvm-4.4.3.10-0.1.el8ev.noarch Linux 4.18.0-240.4.1.el8_3.x86_64 #1 SMP Wed Nov 11 08:19:41 EST 2020 x86_64 x86_64 x86_64 GNU/Linux Red Hat Enterprise Linux release 8.3 (Ootpa)
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (RHV RHEL Host (ovirt-host) 4.4.z [ovirt-4.4.4]), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:0382