Description of problem: A customer is trying to deploy a overcloud with the whole disk image they created following the documentation[1], and noticed that the overcloud image doesn't include most of fence agent packages but only fence-virt. Looking at the log file generated by `openstack overcloud image build` command, I found the following situation. - The overcloud-secure-uefi element and the overcloud-secure element, which is enabled in /usr/share/openstack-tripleo-common/image-yaml/overcloud-hardened-images-(uefi-)python3.yaml uninstalls the telnet package and the kexec-tools package by "dnf -y erase kexec-tools telnet", which is effectively same as "dnf -y remove kexec-tools telnet" - Some fence-agents packages are dependent on the telnet packages, so these packages are uninstalled by the dnf command. This eventually uninstalls the fence-agents-all package. Te problem is that when the fence-agents-all package is uninstalled, other fence agent packages are also uninstalled as unused dependencies. - fence-virt is kept because it is explicitly defined as part of packages installed, and marked as a package installed by the user. [1] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.1/html/director_installation_and_usage/creating-whole-disk-images#building-the-whole-disk-image Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Create a hardened image following the documentation 2. Check the packages installed in the image Actual results: fence-agents packages are not installed Expected results: fence-agents packages are installed Additional info: I have manually run the dnf erase command and confirmed that the command uninstalles most of fence agents. ~~~ [heat-admin@controller-0 ~]$ sudo dnf erase telnet Updating Subscription Management repositories. Unable to read consumer identity /usr/lib/python3.6/site-packages/dateutil/parser/_parser.py:70: UnicodeWarning: decode() called on unicode string, see https://bugzilla.redhat.com/show_bug.cgi?id=1693751 instream = instream.decode() This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register. Dependencies resolved. ============================================================================================================================================================================================================================================== Package Architecture Version Repository Size ============================================================================================================================================================================================================================================== Removing: telnet x86_64 1:0.17-73.el8_1.1 @rhos-16.1-rhel-8-appstream 153 k Removing dependent packages: fence-agents-all x86_64 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 0 Removing unused dependencies: autogen-libopts x86_64 5.18.12-7.el8 @rhos-16.1-rhel-8-appstream 146 k device-mapper-multipath x86_64 0.8.3-3.el8_2.3 @rhos-16.1-rhel-8 282 k device-mapper-multipath-libs x86_64 0.8.3-3.el8_2.3 @rhos-16.1-rhel-8 758 k fence-agents-amt-ws noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 10 k fence-agents-apc noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 9.3 k fence-agents-apc-snmp noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 8.1 k fence-agents-bladecenter noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 4.9 k fence-agents-brocade noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 4.4 k fence-agents-cisco-mds noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 4.3 k fence-agents-cisco-ucs noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 7.2 k fence-agents-common noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 153 k fence-agents-compute noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 33 k fence-agents-drac5 noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 6.8 k fence-agents-eaton-snmp noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 8.5 k fence-agents-emerson noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 3.6 k fence-agents-eps noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 5.1 k fence-agents-heuristics-ping noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 7.1 k fence-agents-hpblade noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 5.5 k fence-agents-ibmblade noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 3.7 k fence-agents-ifmib noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 5.0 k fence-agents-ilo-moonshot noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 3.2 k fence-agents-ilo-mp noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 2.8 k fence-agents-ilo-ssh noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 15 k fence-agents-ilo2 noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 12 k fence-agents-intelmodular noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 4.3 k fence-agents-ipdu noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 5.7 k fence-agents-ipmilan noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 50 k fence-agents-kdump x86_64 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 43 k fence-agents-mpath noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 32 k fence-agents-redfish x86_64 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 6.9 k fence-agents-rhevm noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 8.1 k fence-agents-rsa noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 3.4 k fence-agents-rsb noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 3.9 k fence-agents-sbd noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 13 k fence-agents-scsi noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 55 k fence-agents-vmware-rest noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 6.1 k fence-agents-vmware-soap noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 10 k fence-agents-wti noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 9.3 k gnutls-dane x86_64 3.6.8-12.el8_2 @rhos-16.1-rhel-8-appstream 36 k gnutls-utils x86_64 3.6.8-12.el8_2 @rhos-16.1-rhel-8-appstream 1.4 M ipmitool x86_64 1.8.18-14.el8 @rhos-16.1-rhel-8-appstream 1.1 M libwsman1 x86_64 2.6.5-5.el8 @rhos-16.1-rhel-8-appstream 359 k net-snmp-utils x86_64 1:5.8-14.el8_2.3 @rhos-16.1-rhel-8-appstream 517 k openwsman-python3 x86_64 2.6.5-5.el8 @rhos-16.1-rhel-8-appstream 520 k python3-pexpect noarch 4.6-2.el8ost @rhos-16.1 519 k python3-ptyprocess noarch 0.5.2-4.el8 @rhos-16.1-rhel-8-appstream 87 k python3-suds noarch 0.7-0.8.94664ddd46a6.el8 @rhos-16.1-rhel-8-appstream 1.0 M sbd x86_64 1.4.1-3.el8 @rhos-16.1-rhel-8-appstream 124 k userspace-rcu x86_64 0.10.1-2.el8 @rhos-16.1-rhel-8 325 k Transaction Summary ============================================================================================================================================================================================================================================== Remove 51 Packages Freed space: 7.8 M Is this ok [y/N]: ~~~ When I disable autoremove only some of the whole fence agents are uninstalled. ~~~ [heat-admin@controller-0 ~]$ sudo dnf erase telnet --noautoremove Updating Subscription Management repositories. Unable to read consumer identity /usr/lib/python3.6/site-packages/dateutil/parser/_parser.py:70: UnicodeWarning: decode() called on unicode string, see https://bugzilla.redhat.com/show_bug.cgi?id=1693751 instream = instream.decode() This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register. Dependencies resolved. ============================================================================================================================================================================================================================================== Package Architecture Version Repository Size ============================================================================================================================================================================================================================================== Removing: telnet x86_64 1:0.17-73.el8_1.1 @rhos-16.1-rhel-8-appstream 153 k Removing dependent packages: fence-agents-all x86_64 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 0 fence-agents-apc noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 9.3 k fence-agents-bladecenter noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 4.9 k fence-agents-brocade noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 4.4 k fence-agents-drac5 noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 6.8 k fence-agents-hpblade noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 5.5 k fence-agents-ilo-moonshot noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 3.2 k fence-agents-ilo-mp noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 2.8 k fence-agents-rsa noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 3.4 k fence-agents-rsb noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 3.9 k fence-agents-wti noarch 4.2.1-41.el8_2.3 @rhos-16.1-rhel-8-appstream 9.3 k Transaction Summary ============================================================================================================================================================================================================================================== Remove 12 Packages Freed space: 207 k Is this ok [y/N]: ~~~
I think we have three options here. 1) Explicitly list name of fence agents packages in tripleo-puppet-elements. Then these packages are marked as ones installed by the user and would not be uninstalled as unused dependencies. (This is the reason why I created this bug for tripleo-puppet-elements initially) 2) Fix disk-image-builder to add --noautoremove option by default 3) Set the DIB_DEBOOTSTRAP_EXTRA_ARGS='--noautoremove' environment variable
Let me know if I sent this to the wrong place HardProv friends. :-)
> 3) > Set the DIB_DEBOOTSTRAP_EXTRA_ARGS='--noautoremove' environment variable This can be done by adding the following description in the yaml file passed to image build command ~~~ disk_images: - ... environments: ... DIB_DEBOOTSTRAP_EXTRA_ARGS: '--noautoremove' ~~~ One workaround verified so far is adding fence-agents-all to the package directive of the input yaml file like: ~~~ disk_images: - ... packages: - python3-psutil ... - jq - fence-agents-all <====(*) options: ... ~~~ It seems installation of these packages are executed after the telnet package(and fence-agent packages) are uninstalled.
(In reply to Takashi Kajinami from comment #3) > I think we have three options here. > > 1) > Explicitly list name of fence agents packages in tripleo-puppet-elements. > Then these packages are marked as ones installed by the user > and would not be uninstalled as unused dependencies. > (This is the reason why I created this bug for tripleo-puppet-elements > initially) I'd like to look into this option, as well as possibly fixing fence-agents packaging to push the telnet dependency to only the agents which require it.
stable/train fix has just landed, this now needs to be proposed to 16.1 and 16.2
Hi Steve, Do we have any progress about backporting the fix into OSP16.1 and OSP16.2? Kind Regards, Keigo Noha
I've cloned this bug for 16.2, targeted for 16.2.3. This bug will track for 16.1.9
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Red Hat OpenStack Platform 16.1.9 bug fix and enhancement advisory), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:8795