Bug 1930550 - RHVH upgrade failed via engine with STIG profile selected
Summary: RHVH upgrade failed via engine with STIG profile selected
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: imgbased
Version: 4.4.5
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ---
Assignee: Nobody
QA Contact: peyu
URL:
Whiteboard:
: 1931002 2032043 (view as bug list)
Depends On: 1900662 2025906
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-02-19 06:41 UTC by peyu
Modified: 2024-10-01 17:31 UTC (History)
15 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-04-29 07:34:28 UTC
oVirt Team: Node
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
/var/log (981.73 KB, application/gzip)
2021-02-19 06:41 UTC, peyu 		no flags Details
eval_remediate_report (5.22 MB, application/xhtml+xml)
2021-05-26 12:49 UTC, Asaf Rachmani 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 6586801 0 None None None 2022-04-08 16:15:00 UTC

Description peyu 2021-02-19 06:41:40 UTC 
Created attachment 1757999 [details]
/var/log

Description of problem:
Select the STIG profile during the installation of RHVH. Then upgrade the host to the latest build 4.4.5-3 via RHVM, upgrade failed.


Version-Release number of selected component (if applicable):
redhat-virtualization-host-4.4.5-20210215.0.el8_3

How reproducible:
100%

Steps to Reproduce:
1. Install RHVH-4.4-20210202.0-RHVH-x86_64-dvd1.iso and choose the STIG profile for "security policy" in Anaconda
2. Login to host, set up local repo and point to "redhat-virtualization-host-4.4.5-20210215.0.el8_3"
3. Add host to RHVM
4. Upgrade the host via RHVM

Actual results:
RHVH upgrade failed. The error message in /var/log/imgbased.log is as follows:
~~~~~~
2021-02-19 13:18:30,466 [DEBUG] (MainThread) Returned: b'Logical volume "rhvh-4.4.5.3-0.20210215.0+1" successfully removed'
Traceback (most recent call last):
  File "/usr/lib64/python3.6/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/lib64/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/tmp/tmp.M76swfTv4i/usr/lib/python3.6/site-packages/imgbased/__main__.py", line 53, in <module>
    CliApplication()
  File "/tmp/tmp.M76swfTv4i/usr/lib/python3.6/site-packages/imgbased/__init__.py", line 82, in CliApplication
    app.hooks.emit("post-arg-parse", args)
  File "/tmp/tmp.M76swfTv4i/usr/lib/python3.6/site-packages/imgbased/hooks.py", line 120, in emit
    cb(self.context, *args)
  File "/tmp/tmp.M76swfTv4i/usr/lib/python3.6/site-packages/imgbased/plugins/update.py", line 75, in post_argparse
    six.reraise(*exc_info)
  File "/tmp/tmp.M76swfTv4i/usr/lib/python3.6/site-packages/six.py", line 675, in reraise
    raise value
  File "/tmp/tmp.M76swfTv4i/usr/lib/python3.6/site-packages/imgbased/plugins/update.py", line 66, in post_argparse
    base, _ = LiveimgExtractor(app.imgbase).extract(args.FILENAME)
  File "/tmp/tmp.M76swfTv4i/usr/lib/python3.6/site-packages/imgbased/plugins/update.py", line 148, in extract
    "%s" % size, nvr)
  File "/tmp/tmp.M76swfTv4i/usr/lib/python3.6/site-packages/imgbased/plugins/update.py", line 128, in add_base_with_tree
    new_layer_lv = self.imgbase.add_layer(new_base)
  File "/tmp/tmp.M76swfTv4i/usr/lib/python3.6/site-packages/imgbased/imgbase.py", line 213, in add_layer
    self.hooks.emit("new-layer-added", prev_lv, new_lv)
  File "/tmp/tmp.M76swfTv4i/usr/lib/python3.6/site-packages/imgbased/hooks.py", line 120, in emit
    cb(self.context, *args)
  File "/tmp/tmp.M76swfTv4i/usr/lib/python3.6/site-packages/imgbased/plugins/osupdater.py", line 118, in on_new_layer
    postprocess(new_lv)
  File "/tmp/tmp.M76swfTv4i/usr/lib/python3.6/site-packages/imgbased/plugins/osupdater.py", line 253, in postprocess
    _install_update_rpm()
  File "/tmp/tmp.M76swfTv4i/usr/lib/python3.6/site-packages/imgbased/plugins/osupdater.py", line 245, in _install_update_rpm
    new_fs.path("/"), rpms[0]])
  File "/tmp/tmp.M76swfTv4i/usr/lib/python3.6/site-packages/imgbased/utils.py", line 373, in rpm
    return self.call(["rpm"] + args, **kwargs)
  File "/tmp/tmp.M76swfTv4i/usr/lib/python3.6/site-packages/imgbased/utils.py", line 324, in call
    stdout = command.call(*args, **kwargs)
  File "/tmp/tmp.M76swfTv4i/usr/lib/python3.6/site-packages/imgbased/command.py", line 14, in call
    return subprocess.check_output(*args, **kwargs).strip()
  File "/usr/lib64/python3.6/subprocess.py", line 356, in check_output
    **kwargs).stdout
  File "/usr/lib64/python3.6/subprocess.py", line 438, in run
    output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['rpm', '-U', '--quiet', '--justdb', '--root', '/tmp/mnt.3RfEm//', '/var/cache/dnf/rhel-7-server-rhvh-4-rpms-21ea416fbe4cd14c/packages/redhat-virtualization-host-image-update-latest.rpm']' returned non-zero exit status 1.
~~~~~~


Expected results:
Upgrade is successful without any errors.

Additional info:
If the host is not added to RHVM, only run `yum update` to upgrade the host, and the upgrade is successful.
Comment 2 Asaf Rachmani 2021-04-22 12:53:59 UTC 
Seems similar to bug 1931002
Comment 3 Asaf Rachmani 2021-04-22 13:23:20 UTC 
DB_VERSION_MISMATCH before the Traceback:

2021-02-19 13:18:29,171 [DEBUG] (MainThread) Calling: (['rpm', '-U', '--quiet', '--justdb', '--root', '/tmp/mnt.3RfEm//', '/var/cache/dnf/rhel-7-server-rhvh-4-rpms-21ea416fbe4cd14c/packages/redhat-virtualization-host-image-update-latest.rpm'],) {'close_fds': True, 'stderr': -2}
2021-02-19 13:18:29,222 [DEBUG] (MainThread) Exception! b'error: db5 error(-30969) from dbenv->open: BDB0091 DB_VERSION_MISMATCH: Database environment version mismatch\nerror: cannot open Packages index using db5 -  (-30969)\nerror: cannot open Packages database in /tmp/mnt.3RfEm/var/lib/rpm\n'
2021-02-19 13:18:29,223 [DEBUG] (MainThread) Calling: (['umount', '-l', '/tmp/mnt.3RfEm'],) {'close_fds': True, 'stderr': -2}
2021-02-19 13:18:29,711 [DEBUG] (MainThread) Calling: (['rmdir', '/tmp/mnt.3RfEm'],) {'close_fds': True, 'stderr': -2}
2021-02-19 13:18:29,717 [DEBUG] (MainThread) Calling: (['umount', '-l', '/tmp/mnt.ZHerV'],) {'close_fds': True, 'stderr': -2}
2021-02-19 13:18:29,790 [DEBUG] (MainThread) Calling: (['rmdir', '/tmp/mnt.ZHerV'],) {'close_fds': True, 'stderr': -2}
2021-02-19 13:18:29,794 [DEBUG] (MainThread) Calling: (['umount', '-l', '/tmp/mnt.YXNeG'],) {'close_fds': True, 'stderr': -2}
2021-02-19 13:18:29,813 [DEBUG] (MainThread) Calling: (['rmdir', '/tmp/mnt.YXNeG'],) {'close_fds': True, 'stderr': -2}
2021-02-19 13:18:29,817 [ERROR] (MainThread) Update failed, resetting registered LVs
2021-02-19 13:18:29,817 [DEBUG] (MainThread) Calling: (['sync'],) {'close_fds': True, 'stderr': -2}
2021-02-19 13:18:29,845 [DEBUG] (MainThread) Calling: (['lvs', '--noheadings', '--ignoreskippedcluster', '-olv_dm_path', 'rhvh_dell-per7425-03/rhvh-4.4.5.3-0.20210215.0'],) {'stderr': <_io.TextIOWrapper name='/dev/null' mode='w' encoding='UTF-8'>, 'close_fds': True}
2021-02-19 13:18:29,954 [DEBUG] (MainThread) Returned: b'/dev/mapper/rhvh_dell--per7425--03-rhvh--4.4.5.3--0.20210215.0'
2021-02-19 13:18:29,955 [DEBUG] (MainThread) Calling: (['lvremove', '-ff', 'rhvh_dell-per7425-03/rhvh-4.4.5.3-0.20210215.0'],) {'stderr': <_io.TextIOWrapper name='/dev/null' mode='w' encoding='UTF-8'>, 'close_fds': True}
2021-02-19 13:18:30,140 [DEBUG] (MainThread) Returned: b'Logical volume "rhvh-4.4.5.3-0.20210215.0" successfully removed'
2021-02-19 13:18:30,140 [DEBUG] (MainThread) Calling: (['lvs', '--noheadings', '--ignoreskippedcluster', '-olv_dm_path', 'rhvh_dell-per7425-03/rhvh-4.4.5.3-0.20210215.0+1'],) {'stderr': <_io.TextIOWrapper name='/dev/null' mode='w' encoding='UTF-8'>, 'close_fds': True}
2021-02-19 13:18:30,226 [DEBUG] (MainThread) Returned: b'/dev/mapper/rhvh_dell--per7425--03-rhvh--4.4.5.3--0.20210215.0+1'
2021-02-19 13:18:30,227 [DEBUG] (MainThread) Calling: (['lvremove', '-ff', 'rhvh_dell-per7425-03/rhvh-4.4.5.3-0.20210215.0+1'],) {'stderr': <_io.TextIOWrapper name='/dev/null' mode='w' encoding='UTF-8'>, 'close_fds': True}
2021-02-19 13:18:30,466 [DEBUG] (MainThread) Returned: b'Logical volume "rhvh-4.4.5.3-0.20210215.0+1" successfully removed'
Comment 4 Asaf Rachmani 2021-04-29 13:00:43 UTC 
I reproduced the issue, and the upgrade succeeds after executing the following commands on the host:
# cd /var/lib/rpm
# rpm --rebuilddb
Comment 5 Asaf Rachmani 2021-05-26 12:49:35 UTC 
Created attachment 1787210 [details]
eval_remediate_report

The FIPS profile failed due to a few errors (eval_remediate_report attached).
One of the errors is "Verify and Correct File Permissions with RPM" that run " sudo rpm --setperms PACKAGENAME" command, this failure happend probably because we changed the crypto-policies file's permissions in imgbased (see bug 1894852, it was changed in imgbased since bug 1900662 was not fixed yet).
This could be the reason for DB_VERSION_MISMATCH when upgrading RHVH with FIPS profile.
Comment 6 peyu 2021-07-09 06:48:34 UTC 
This issue did not reproduce, when RHVH was upgraded from rhvh-4.4.6.2-0.20210615.0+1 to rhvh-4.4.7.2-0.20210705.0+1.
RHVH upgrade was successful, and the host status is "Up" in RHVM.

Test version:
RHVM: 4.4.7.6-0.11.el8ev
Comment 7 Asaf Rachmani 2021-07-14 12:21:47 UTC 
*** Bug 1931002 has been marked as a duplicate of this bug. ***
Comment 8 peyu 2021-08-06 06:42:47 UTC 
This issue did not reproduce, when RHVH was upgraded from rhvh-4.4.7.3-0.20210715.0+1 to rhvh-4.4.8.1-0.20210729.0+1
RHVH upgrade was successful, and the host status is "Up" in RHVM.

Test version:
RHVM: 4.4.8.1-0.9.el8ev
Comment 9 Asaf Rachmani 2021-08-08 07:07:14 UTC 
This issue cannot be reproduced in the latest two versions (4.4.7, 4.4.8)
Comment 10 peyu 2021-11-08 06:17:42 UTC 
Met this issue again when upgraded RHVH from rhvh-4.4.8.1-0.20210903.0+1 to rhvh-4.4.9.2-0.20211104.0+1.
Comment 14 peyu 2021-12-14 06:32:27 UTC 
This issue can also be reproduced when upgraded RHVH from rhvh-4.4.8.1-0.20210903.0+1 to rhvh-4.4.9.2-0.20211117.0+1.

errors in /var/log/imgbased.log
~~~~~~
2021-12-14 12:38:39,990 [DEBUG] (MainThread) Installing image-update rpm from /var/cache/dnf/rhel-7-server-rhvh-4-rpms-21ea416fbe4cd14c/packages/redhat-virtualization-host-image-update-latest.rpm
2021-12-14 12:38:39,990 [DEBUG] (MainThread) Calling: (['rpm', '-U', '--quiet', '--justdb', '--root', '/tmp/mnt.NDqvb//', '/var/cache/dnf/rhel-7-server-rhvh-4-rpms-21ea416fbe4cd14c/packages/redhat-virtualization-host-image-update-latest.rpm'],) {'close_fds': True, 'stderr': -2}
2021-12-14 12:38:40,034 [DEBUG] (MainThread) Exception! b'error: db5 error(-30969) from dbenv->open: BDB0091 DB_VERSION_MISMATCH: Database environment version mismatch\nerror: cannot open Packages index using db5 -  (-30969)\nerror: cannot open Packages database in /tmp/mnt.NDqvb/var/lib/rpm\n'
2021-12-14 12:38:40,034 [DEBUG] (MainThread) Calling: (['umount', '-l', '/tmp/mnt.NDqvb'],) {'close_fds': True, 'stderr': -2}
2021-12-14 12:38:40,535 [DEBUG] (MainThread) Calling: (['rmdir', '/tmp/mnt.NDqvb'],) {'close_fds': True, 'stderr': -2}
2021-12-14 12:38:40,539 [DEBUG] (MainThread) Calling: (['umount', '-l', '/tmp/mnt.ZdhRg'],) {'close_fds': True, 'stderr': -2}
2021-12-14 12:38:40,601 [DEBUG] (MainThread) Calling: (['rmdir', '/tmp/mnt.ZdhRg'],) {'close_fds': True, 'stderr': -2}
2021-12-14 12:38:40,605 [DEBUG] (MainThread) Calling: (['umount', '-l', '/tmp/mnt.7W3zl'],) {'close_fds': True, 'stderr': -2}
2021-12-14 12:38:40,628 [DEBUG] (MainThread) Calling: (['rmdir', '/tmp/mnt.7W3zl'],) {'close_fds': True, 'stderr': -2}
2021-12-14 12:38:40,632 [ERROR] (MainThread) Update failed, resetting registered LVs
2021-12-14 12:38:40,633 [DEBUG] (MainThread) Calling: (['sync'],) {'close_fds': True, 'stderr': -2}
2021-12-14 12:38:40,654 [DEBUG] (MainThread) Calling: (['lvs', '--noheadings', '--ignoreskippedcluster', '-olv_dm_path', 'rhvh_dell-per7425-03/rhvh-4.4.9.2-0.20211117.0'],) {'stderr': <_io.TextIOWrapper name='/dev/null' mode='w' encoding='UTF-8'>, 'close_fds': True}
2021-12-14 12:38:40,773 [DEBUG] (MainThread) Returned: b'/dev/mapper/rhvh_dell--per7425--03-rhvh--4.4.9.2--0.20211117.0'
2021-12-14 12:38:40,773 [DEBUG] (MainThread) Calling: (['lvremove', '-ff', 'rhvh_dell-per7425-03/rhvh-4.4.9.2-0.20211117.0'],) {'stderr': <_io.TextIOWrapper name='/dev/null' mode='w' encoding='UTF-8'>, 'close_fds': True}
2021-12-14 12:38:41,006 [DEBUG] (MainThread) Returned: b'Logical volume "rhvh-4.4.9.2-0.20211117.0" successfully removed'
2021-12-14 12:38:41,006 [DEBUG] (MainThread) Calling: (['lvs', '--noheadings', '--ignoreskippedcluster', '-olv_dm_path', 'rhvh_dell-per7425-03/rhvh-4.4.9.2-0.20211117.0+1'],) {'stderr': <_io.TextIOWrapper name='/dev/null' mode='w' encoding='UTF-8'>, 'close_fds': True}
2021-12-14 12:38:41,111 [DEBUG] (MainThread) Returned: b'/dev/mapper/rhvh_dell--per7425--03-rhvh--4.4.9.2--0.20211117.0+1'
2021-12-14 12:38:41,111 [DEBUG] (MainThread) Calling: (['lvremove', '-ff', 'rhvh_dell-per7425-03/rhvh-4.4.9.2-0.20211117.0+1'],) {'stderr': <_io.TextIOWrapper name='/dev/null' mode='w' encoding='UTF-8'>, 'close_fds': True}
2021-12-14 12:38:41,374 [DEBUG] (MainThread) Returned: b'Logical volume "rhvh-4.4.9.2-0.20211117.0+1" successfully removed'
Traceback (most recent call last):
  File "/usr/lib64/python3.6/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/lib64/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/tmp/tmp.anKMWjAB7m/usr/lib/python3.6/site-packages/imgbased/__main__.py", line 53, in <module>
    CliApplication()
  File "/tmp/tmp.anKMWjAB7m/usr/lib/python3.6/site-packages/imgbased/__init__.py", line 82, in CliApplication
    app.hooks.emit("post-arg-parse", args)
  File "/tmp/tmp.anKMWjAB7m/usr/lib/python3.6/site-packages/imgbased/hooks.py", line 120, in emit
    cb(self.context, *args)
  File "/tmp/tmp.anKMWjAB7m/usr/lib/python3.6/site-packages/imgbased/plugins/update.py", line 75, in post_argparse
    six.reraise(*exc_info)
  File "/tmp/tmp.anKMWjAB7m/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
    raise value
  File "/tmp/tmp.anKMWjAB7m/usr/lib/python3.6/site-packages/imgbased/plugins/update.py", line 66, in post_argparse
    base, _ = LiveimgExtractor(app.imgbase).extract(args.FILENAME)
  File "/tmp/tmp.anKMWjAB7m/usr/lib/python3.6/site-packages/imgbased/plugins/update.py", line 148, in extract
    "%s" % size, nvr)
  File "/tmp/tmp.anKMWjAB7m/usr/lib/python3.6/site-packages/imgbased/plugins/update.py", line 128, in add_base_with_tree
    new_layer_lv = self.imgbase.add_layer(new_base)
  File "/tmp/tmp.anKMWjAB7m/usr/lib/python3.6/site-packages/imgbased/imgbase.py", line 213, in add_layer
    self.hooks.emit("new-layer-added", prev_lv, new_lv)
  File "/tmp/tmp.anKMWjAB7m/usr/lib/python3.6/site-packages/imgbased/hooks.py", line 120, in emit
    cb(self.context, *args)
  File "/tmp/tmp.anKMWjAB7m/usr/lib/python3.6/site-packages/imgbased/plugins/osupdater.py", line 118, in on_new_layer
    postprocess(new_lv)
  File "/tmp/tmp.anKMWjAB7m/usr/lib/python3.6/site-packages/imgbased/plugins/osupdater.py", line 258, in postprocess
    _install_update_rpm()
  File "/tmp/tmp.anKMWjAB7m/usr/lib/python3.6/site-packages/imgbased/plugins/osupdater.py", line 250, in _install_update_rpm
    new_fs.path("/"), rpms[0]])
  File "/tmp/tmp.anKMWjAB7m/usr/lib/python3.6/site-packages/imgbased/utils.py", line 374, in rpm
    return self.call(["rpm"] + args, **kwargs)
  File "/tmp/tmp.anKMWjAB7m/usr/lib/python3.6/site-packages/imgbased/utils.py", line 325, in call
    stdout = command.call(*args, **kwargs)
  File "/tmp/tmp.anKMWjAB7m/usr/lib/python3.6/site-packages/imgbased/command.py", line 14, in call
    return subprocess.check_output(*args, **kwargs).strip()
  File "/usr/lib64/python3.6/subprocess.py", line 356, in check_output
    **kwargs).stdout
  File "/usr/lib64/python3.6/subprocess.py", line 438, in run
    output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['rpm', '-U', '--quiet', '--justdb', '--root', '/tmp/mnt.NDqvb//', '/var/cache/dnf/rhel-7-server-rhvh-4-rpms-21ea416fbe4cd14c/packages/redhat-virtualization-host-image-update-latest.rpm']' returned non-zero exit status 1.
~~~~~~
Comment 18 amashah 2022-04-08 16:15:01 UTC 
*** Bug 2032043 has been marked as a duplicate of this bug. ***
Comment 22 Asaf Rachmani 2022-04-18 07:50:52 UTC 
This bug should be closed since upgrade RHVH with DRAFT DISA STIG profile is not supported for the following releases (see also bug 2072987#c0).
Comment 24 cshao 2022-04-18 08:10:42 UTC 
(In reply to Asaf Rachmani from comment #22)
> This bug should be closed since upgrade RHVH with DRAFT DISA STIG profile is
> not supported for the following releases (see also bug 2072987#c0).

Hi Asaf,

I just reported a STIG bug on RHVH 4.5, see 2076196.
But according bug 2072987#c0, installation of DISA STIG profile on RHVH is not supported. So do we need to continue cover STIG testing on RHVH 4.5?

Thanks.
Comment 25 Michal Skrivanek 2022-04-21 08:40:58 UTC 
indeed we don't intend to support DISA STIG on RHVH.
Comment 26 Sandro Bonazzola 2022-04-21 13:44:56 UTC 
closing wontfix based on comment #25.
Comment 29 Michal Skrivanek 2022-04-29 07:02:54 UTC 
DISA STIG is documented in RHV 4.4 for RHV-H indeed, but we don't intend to fix it.
Install it on RHEL instead.
Comment 30 Michal Skrivanek 2022-04-29 07:03:45 UTC 
sorry, i didn't intend to change the state, moving back
Comment 31 Sandro Bonazzola 2022-04-29 07:34:28 UTC 
Closing again as wontfix as per comment #25 and comment #29
Note You need to log in before you can comment on or make changes to this bug.