Description of problem:
When a new kernel is installed on the hypervisor, but the hypervisor has not been rebooted, the installation initiated from RHV-M fails.

Version-Release number of selected component (if applicable):
4.4.3
ovirt-engine-tools-4.4.3.12-0.1.el8ev.noarch

How reproducible:
100%

Steps to Reproduce:
1. Install a new kernel
2. Click upgrade in the UI

Actual results:
Failed to install some of the specified packages: No package Security: available

Expected results:
The installation finishes successfully

Additional info:
Issue is in "ovirt-host-check-upgrade/tasks/main.yml"

We execute:
yum check-update -q --excludepkgs=ansible | grep '[0-9]' | cut -d ' ' -f1 | sed '/^$/d' >> /tmp/yum_updates

The result in this case is:
[root@dell-r430-03 ~]# yum check-update -q --exclude=ansible | grep '[0-9]' | cut -d ' ' -f1 | sed '/^$/d'
Security:
Security:

The output of the yum is:
# yum check-update -q --exclude=ansible
Security: kernel-core-4.18.0-240.1.1.el8_3.x86_64 is an installed security update
Security: kernel-core-4.18.0-193.14.3.el8_2.x86_64 is the currently running version
Reboot host after upgrade is enabled by default, so the most important issue is why reboot was disabled by the user? But anyway, we will take a look if we can improve that yum check-upgrade hack.
Please attach host upgrade logs
Feel free to reopen if reproduced again with the latest version and attach required information
(In reply to Martin Perina from comment #4)
> Feel free to reopen if reproduced again with the latest version and attach
> required information

Reopening this since we have a customer hitting the same issue on 3 hosts.

As mentioned in comment 0, if the running Kernel is not the latest to that of installed kernel rpm, the "yum check-update -q --excludepkgs=ansible" will give below notice.

Security: kernel-core-4.18.0-240.22.1.el8_3.x86_64 is an installed security update
Security: kernel-core-4.18.0-240.15.1.el8_3.x86_64 is the currently running version

Then the command "yum check-update -q --excludepkgs=ansible | grep '[0-9]' | cut -d ' ' -f1 | sed '/^$/d'" (Task: Check for system updates) will be below.

# yum check-update -q --excludepkgs=ansible | grep '[0-9]' | cut -d ' ' -f1 | sed '/^$/d' |tail
cockpit-system.noarch
gdb-headless.x86_64
grub2-tools.x86_64
grub2-tools-efi.x86_64
grub2-tools-extra.x86_64
grub2-tools-minimal.x86_64
kernel-headers.x86_64
kernel-headers.x86_64
Security:
Security:

So this "Security:" will also be passed to the task "Upgrade packages" which will fail with the error below.

===
2021-05-04 15:41:31 MSK - TASK [ovirt-host-upgrade : Upgrade packages] *********************************** (item=Security:) => {"ansible_loop_var": "item", "changed": false, "failures": ["No package Security: available."], "item": "Security:", "msg": "Failed to install some of the specified packages", "rc": 1, "results": []}
===

Steps to Reproduce:

[1] Reboot the server with an older kernel.
[2] Try to update the host from the manager.
Nijin, have you seen Comment 2? Why did the customer turn off reboot after upgrade? It's clearly visible that upgrade the kernel package, but as they didn't reboot the host, the upgrade is not finished. For example, if the kernel were a security upgrade, they would still be using a vulnerable machine. That's exactly the reason why we enabled reboot after upgrade by default. So yeah, we could filter Security related messages from the check-for-upgrade flow, but that wouldn't solve the customer problem, as the customer is still running on the unupgraded kernel.
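Added example (not part of any comment in this bug, and not the ovirt-host-check-upgrade role's own code): the check-update pipeline quoted above run over constructed sample output, next to a hypothetical stricter filter that only accepts "name.arch version repo" lines, so the "Security:" notices never reach the package list. The function names, package versions and repo id are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example; not code from the ovirt-host-check-upgrade role.

# Constructed sample of `yum check-update -q` output. Versions and the repo
# id are made up; the two "Security:" notices are the ones quoted in this bug.
sample_output() {
cat <<'EOF'

cockpit-system.noarch    224.2-1.el8            example-baseos-rpms
grub2-tools.x86_64       1:2.02-90.el8_3.1      example-baseos-rpms
kernel-headers.x86_64    4.18.0-240.22.1.el8_3  example-baseos-rpms
Security: kernel-core-4.18.0-240.22.1.el8_3.x86_64 is an installed security update
Security: kernel-core-4.18.0-240.15.1.el8_3.x86_64 is the currently running version
EOF
}

# Pipeline quoted in this bug: every line containing a digit is treated as a
# package line, so the first word of each notice ("Security:") leaks through.
original_filter() {
    grep '[0-9]' | cut -d ' ' -f1 | sed '/^$/d'
}

# Hypothetical stricter filter: keep a line only if it has exactly three
# fields and the first one has the shape name.arch (no colon, no spaces).
strict_filter() {
    awk 'NF == 3 && $1 ~ /^[A-Za-z0-9][A-Za-z0-9_.+-]*\.[A-Za-z0-9_]+$/ { print $1 }'
}

echo "original pipeline:"
sample_output | original_filter
echo "strict filter:"
sample_output | strict_filter
```

The strict filter assumes each update is printed on a single line as name.arch, version, repo; a line that yum splits across two lines would be skipped. As the comment above points out, filtering only fixes the upgrade task, and the host still runs the old kernel until it is rebooted.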
Verified on ovirt-engine-4.4.7.6-0.11.el8ev.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: RHV Manager (ovirt-engine) security update [ovirt-4.4.7]), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2865
Due to QE capacity, we are not going to cover this issue in our automation