Bug 1902179 - Ignore message about not using latest kernel after upgrade when a host hasn't been rebooted
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: 4.4.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: ovirt-4.4.7
Assignee: Dana
QA Contact: Petr Matyáš
Depends On:
Reported: 2020-11-27 09:01 UTC by Roman Hodain
Modified: 2021-07-22 15:12 UTC

Fixed In Version: ovirt-engine-
Doc Type: No Doc Update
Doc Text:
Clone Of:
Last Closed: 2021-07-22 15:12:18 UTC
oVirt Team: Infra
Target Upstream Version:

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:2865 0 None None None 2021-07-22 15:12:56 UTC
oVirt gerrit 115347 0 master MERGED engine: improve check-update and update packages processes 2021-06-29 18:21:06 UTC

Description Roman Hodain 2020-11-27 09:01:33 UTC
Description of problem:
When a new kernel is installed on the hypervisor but the hypervisor has not been rebooted, the installation initiated from RHV-M fails.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install a new kernel
2. Click upgrade in the UI

Actual results:
Failed to install some of the specified packages: No package Security: available

Expected results:
The installation finishes successfully

Additional info:
Issue is in "ovirt-host-check-upgrade/tasks/main.yml"

We execute: yum check-update -q --excludepkgs=ansible | grep '[0-9]' | cut -d ' ' -f1 | sed '/^$/d' >> /tmp/yum_updates

The result in this case is:
[root@dell-r430-03 ~]# yum check-update -q --exclude=ansible | grep '[0-9]' | cut -d ' ' -f1 | sed '/^$/d'

The output of the yum is:
# yum check-update -q --exclude=ansible 
    Security: kernel-core-4.18.0-240.1.1.el8_3.x86_64 is an installed security update
    Security: kernel-core-4.18.0-193.14.3.el8_2.x86_64 is the currently running version

Comment 2 Martin Perina 2020-11-30 08:21:31 UTC
Reboot host after upgrade is enabled by default, so the most important issue is why reboot was disabled by the user?
But anyway, we will take a look at whether we can improve that yum check-upgrade hack.

Comment 3 Dana 2021-03-03 11:22:53 UTC
Please attach host upgrade logs

Comment 4 Martin Perina 2021-04-21 09:41:48 UTC
Feel free to reopen if reproduced again with the latest version and attach required information

Comment 5 nijin ashok 2021-05-19 04:55:54 UTC
(In reply to Martin Perina from comment #4)
> Feel free to reopen if reproduced again with the latest version and attach
> required information

Reopening this since we have a customer hitting the same issue on 3 hosts.

As mentioned in comment 0, if the running kernel is not the latest compared to the installed kernel rpm, "yum check-update -q --excludepkgs=ansible" will give the notice below.

Security: kernel-core-4.18.0-240.22.1.el8_3.x86_64 is an installed security update
Security: kernel-core-4.18.0-240.15.1.el8_3.x86_64 is the currently running version

Then the output of the command "yum check-update -q --excludepkgs=ansible | grep '[0-9]' | cut -d ' ' -f1 | sed '/^$/d'" (Task: Check for system updates) will be as below.

# yum check-update -q --excludepkgs=ansible | grep '[0-9]' | cut -d ' ' -f1 | sed '/^$/d' |tail

So this "Security:" will also be passed to the task "Upgrade packages" which will fail with the error below.

2021-05-04 15:41:31 MSK - TASK [ovirt-host-upgrade : Upgrade packages] ***********************************
(item=Security:) => {"ansible_loop_var": "item", "changed": false, "failures": ["No package Security: available."], "item": "Security:", "msg": "Failed to install some of the specified packages", "rc": 1, "results": []}

Steps to Reproduce:

[1] Reboot the server with an older kernel.

[2] Try to update the host from the manager.

Comment 7 Martin Perina 2021-05-19 07:24:15 UTC
Nijin, have you seen Comment 2? Why did the customer turn off reboot after upgrade? It's clearly visible that they upgraded the kernel package, but as they didn't reboot the host, the upgrade is not finished. For example, if the kernel were a security upgrade, they would still be using a vulnerable machine. That's exactly the reason why we enabled reboot after upgrade by default.

So yeah, we could filter Security-related messages from the check-for-upgrade flow, but that wouldn't solve the customer problem, as the customer is still running on the unupgraded kernel.
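
The parsing failure from comment 5 and the concern from comment 7, reproduced on constructed input as an added example (not code from ovirt-engine and not the merged fix). The function names and the two package rows are hypothetical; the strict parser assumes each package row sits on a single line with three columns.

```shell
#!/usr/bin/env bash
# Constructed sample of `yum check-update -q` output on a host that runs an
# older kernel than the one installed. The two package rows are made up; the
# "Security:" lines are the ones quoted in comment 5.
SAMPLE_OUTPUT='
bash.x86_64                 4.4.20-2.el8          rhel-8-baseos
openssl-libs.x86_64         1:1.1.1g-15.el8_3     rhel-8-baseos
Security: kernel-core-4.18.0-240.22.1.el8_3.x86_64 is an installed security update
Security: kernel-core-4.18.0-240.15.1.el8_3.x86_64 is the currently running version'

# Pipeline from the "Check for system updates" task: every line containing a
# digit contributes its first space-separated token, so the informational
# "Security:" lines end up in the package list.
fragile_parse() {
    grep '[0-9]' | cut -d ' ' -f1 | sed '/^$/d'
}

# Hypothetical stricter parser: accept a line only when it has the shape of a
# package row (name.arch, version, repo) and print the name.arch column.
strict_parse() {
    awk 'NF == 3 && $1 ~ /^[A-Za-z0-9_+.-]+\.(noarch|x86_64|i686|aarch64|ppc64le|s390x)$/ { print $1 }'
}

# Succeeds when yum reports that the running kernel is not the installed
# security update, so the caller can flag a pending reboot instead of
# discarding the notice.
reboot_pending() {
    grep -q '^Security: .* is the currently running version$'
}

echo "fragile_parse:"
printf '%s\n' "$SAMPLE_OUTPUT" | fragile_parse
echo "strict_parse:"
printf '%s\n' "$SAMPLE_OUTPUT" | strict_parse
if printf '%s\n' "$SAMPLE_OUTPUT" | reboot_pending; then
    echo "host is running an older kernel: reboot pending"
fi
```

Dropping the notice alone would hide the state comment 7 warns about, which is why the example keeps a separate check that surfaces the pending reboot.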

Comment 11 Petr Matyáš 2021-07-12 12:23:43 UTC
Verified on ovirt-engine-

Comment 15 errata-xmlrpc 2021-07-22 15:12:18 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: RHV Manager (ovirt-engine) security update [ovirt-4.4.7]), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.
