Bug 2050108 - hosted-engine-setup fails to start ovirt-ha-broker service on RHEL-H with DISA STIG
Summary: hosted-engine-setup fails to start ovirt-ha-broker service on RHEL-H with DIS...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-hosted-engine-ha
Version: 4.5.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ovirt-4.5.0
: ---
Assignee: Asaf Rachmani
QA Contact: Wei Wang
URL:
Whiteboard:
Depends On: 2020620
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-02-03 09:31 UTC by Asaf Rachmani
Modified: 2022-05-26 17:23 UTC (History)
3 users (show)

Fixed In Version: ovirt-hosted-engine-ha-2.5.0-1.el8ev
Doc Type: Bug Fix
Doc Text:
Previously, the ovirt-ha-broker service failed to start on a host with a DISA STIG profile. In this release, the ovirt-ha-broker binaries were moved to /usr/libexec. As a result, the ovirt-ha-broker service succeeds to start on a host with a DISA STIG profile.
Clone Of:
Environment:
Last Closed: 2022-05-26 17:22:47 UTC
oVirt Team: Integration
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github oVirt ovirt-hosted-engine-ha pull 7 0 None Closed missing libss-devel package 2022-06-06 01:24:58 UTC
Red Hat Issue Tracker RHV-44606 0 None None None 2022-02-03 09:35:44 UTC
Red Hat Product Errata RHSA-2022:4764 0 None None None 2022-05-26 17:23:02 UTC

Description Asaf Rachmani 2022-02-03 09:31:33 UTC 
Description of problem:
hosted-engine-setup fails to start ovirt-ha-broker service on RHEL-H with DISA STIG

Version-Release number of selected component (if applicable):
ovirt-hosted-engine-ha-2.4.9-1.el8ev.noarch
ovirt-ansible-collection-1.6.5-1.el8ev.noarch
ovirt-hosted-engine-setup-2.5.4-2.el8ev.noarch


How reproducible:
100%

Steps to Reproduce:
1. Install Rhel-h 8 with DISA STIG.
2. run hosted-engine deployment

Actual results:
Deployment fails on "Initialize lockspace volume" task

Expected results:
Deployment succeeds

Additional info:
2022-01-24 09:50:07,594-0500 DEBUG ansible on_any args TASK: ovirt.ovirt.hosted_engine_setup : Initialize lockspace volume  kwargs is_conditional:False 
2022-01-24 09:50:07,594-0500 DEBUG ansible on_any args localhost TASK: ovirt.ovirt.hosted_engine_setup : Initialize lockspace volume  kwargs 
2022-01-24 09:50:09,096-0500 DEBUG ansible on_any args <ansible.executor.task_result.TaskResult object at 0x7f00796cb668>  kwargs 
2022-01-24 09:50:20,327-0500 DEBUG ansible on_any args <ansible.executor.task_result.TaskResult object at 0x7f0079966320>  kwargs 
2022-01-24 09:50:31,579-0500 DEBUG ansible on_any args <ansible.executor.task_result.TaskResult object at 0x7f0079966d30>  kwargs 
2022-01-24 09:50:43,065-0500 DEBUG ansible on_any args <ansible.executor.task_result.TaskResult object at 0x7f00796cb0b8>  kwargs 
2022-01-24 09:50:54,204-0500 DEBUG ansible on_any args <ansible.executor.task_result.TaskResult object at 0x7f0079a890f0>  kwargs 
2022-01-24 09:51:05,970-0500 DEBUG var changed: host "localhost" var "ansible_play_hosts" type "<class 'list'>" value: "[]"
2022-01-24 09:51:05,970-0500 DEBUG var changed: host "localhost" var "ansible_play_batch" type "<class 'list'>" value: "[]"
2022-01-24 09:51:05,970-0500 DEBUG var changed: host "localhost" var "play_hosts" type "<class 'list'>" value: "[]"
2022-01-24 09:51:05,971-0500 ERROR ansible failed {
    "ansible_host": "localhost",
    "ansible_playbook": "/usr/share/ovirt-hosted-engine-setup/ansible/trigger_role.yml",
    "ansible_result": {
        "_ansible_no_log": false,
        "attempts": 5,
        "changed": true,
        "cmd": [
            "hosted-engine",
            "--reinitialize-lockspace",
            "--force"
        ],
        "delta": "0:00:00.801175",
        "end": "2022-01-24 09:51:05.444875",
        "invocation": {
            "module_args": {
                "_raw_params": "hosted-engine --reinitialize-lockspace --force",
                "_uses_shell": false,
                "argv": null,
                "chdir": null,
                "creates": null,
                "executable": null,
                "removes": null,
                "stdin": null,
                "stdin_add_newline": true,
                "strip_empty_ends": true,
                "warn": true
            }
        },
        "msg": "non-zero return code",
        "rc": 1,
        "start": "2022-01-24 09:51:04.643700",
        "stderr": "Traceback (most recent call last):\n  File \"/usr/lib64/python3.6/runpy.py\", line 193, in _run_module_as_main\n    \"__main__\", mod_spec)\n  File \"/usr/lib64/python3.6/runpy.py\", line 85, 
in _run_code\n    exec(code, run_globals)\n  File \"/usr/lib/python3.6/site-packages/ovirt_hosted_engine_setup/reinitialize_lockspace.py\", line 30, in <module>\n    ha_cli.reset_lockspace(force)\n  File \"/usr/
lib/python3.6/site-packages/ovirt_hosted_engine_ha/client/client.py\", line 286, in reset_lockspace\n    stats = broker.get_stats_from_storage()\n  File \"/usr/lib/python3.6/site-packages/ovirt_hosted_engine_ha/
lib/brokerlink.py\", line 148, in get_stats_from_storage\n    result = self._proxy.get_stats()\n  File \"/usr/lib64/python3.6/xmlrpc/client.py\", line 1112, in __call__\n    return self.__send(self.__name, args)
\n  File \"/usr/lib64/python3.6/xmlrpc/client.py\", line 1452, in __request\n    verbose=self.__verbose\n  File \"/usr/lib64/python3.6/xmlrpc/client.py\", line 1154, in request\n    return self.single_request(host, handler, request_body, verbose)\n  File \"/usr/lib64/python3.6/xmlrpc/client.py\", line 1166, in single_request\n    http_conn = self.send_request(host, handler, request_body, verbose)\n  File \"/usr/lib64/python3.6/xmlrpc/client.py\", line 1279, in send_request\n    self.send_content(connection, request_body)\n  File \"/usr/lib64/python3.6/xmlrpc/client.py\", line 1309, in send_content\n    connection.endheaders(request_body)\n  File \"/usr/lib64/python3.6/http/client.py\", line 1264, in endheaders\n    self._send_output(message_body, encode_chunked=encode_chunked)\n  File \"/usr/lib64/python3.6/http/client.py\", line 1040, in _send_output\n    self.send(msg)\n  File \"/usr/lib64/python3.6/http/client.py\", line 978, in send\n    self.connect()\n  File \"/usr/lib/python3.6/site-packages/ovirt_hosted_engine_ha/lib/unixrpc.py\", line 76, in connect\n    self.sock.connect(base64.b16decode(self.host))\nFileNotFoundError: [Errno 2] No such file or directory",
        "stderr_lines": [
            "Traceback (most recent call last):",
            "  File \"/usr/lib64/python3.6/runpy.py\", line 193, in _run_module_as_main",
            "    \"__main__\", mod_spec)",
            "  File \"/usr/lib64/python3.6/runpy.py\", line 85, in _run_code",
            "    exec(code, run_globals)",
            "  File \"/usr/lib/python3.6/site-packages/ovirt_hosted_engine_setup/reinitialize_lockspace.py\", line 30, in <module>",
            "    ha_cli.reset_lockspace(force)",
            "  File \"/usr/lib/python3.6/site-packages/ovirt_hosted_engine_ha/client/client.py\", line 286, in reset_lockspace",
            "    stats = broker.get_stats_from_storage()",
            "  File \"/usr/lib/python3.6/site-packages/ovirt_hosted_engine_ha/lib/brokerlink.py\", line 148, in get_stats_from_storage",
            "    result = self._proxy.get_stats()",
            "  File \"/usr/lib64/python3.6/xmlrpc/client.py\", line 1112, in __call__",
            "    return self.__send(self.__name, args)",
            "  File \"/usr/lib64/python3.6/xmlrpc/client.py\", line 1452, in __request",
            "    verbose=self.__verbose",
            "  File \"/usr/lib64/python3.6/xmlrpc/client.py\", line 1154, in request",
            "    return self.single_request(host, handler, request_body, verbose)",
            "  File \"/usr/lib64/python3.6/xmlrpc/client.py\", line 1166, in single_request",
            "    http_conn = self.send_request(host, handler, request_body, verbose)",
            "  File \"/usr/lib64/python3.6/xmlrpc/client.py\", line 1279, in send_request",
            "    self.send_content(connection, request_body)",
            "  File \"/usr/lib64/python3.6/xmlrpc/client.py\", line 1309, in send_content",
            "    connection.endheaders(request_body)",
            "  File \"/usr/lib64/python3.6/http/client.py\", line 1264, in endheaders",
            "    self._send_output(message_body, encode_chunked=encode_chunked)",
            "  File \"/usr/lib64/python3.6/http/client.py\", line 1040, in _send_output",
            "    self.send(msg)",
            "  File \"/usr/lib64/python3.6/http/client.py\", line 978, in send",
            "    self.connect()",
            "  File \"/usr/lib/python3.6/site-packages/ovirt_hosted_engine_ha/lib/unixrpc.py\", line 76, in connect",
            "    self.sock.connect(base64.b16decode(self.host))",
            "FileNotFoundError: [Errno 2] No such file or directory"
        ],
        "stdout": "",
        "stdout_lines": []
    },
    "ansible_task": "Initialize lockspace volume",
    "ansible_type": "task",
    "status": "FAILED",
    "task_duration": 58
}
Comment 5 Wei Wang 2022-03-30 03:36:47 UTC 
Test Version:
ovirt-hosted-engine-ha-2.5.0-1.el8ev.noarch
ovirt-ansible-collection-2.0.0-0.6.BETA.el8ev.noarch

Test Steps:
1. Install RHEL8.5 iso with STIG profile
2. Remove fapolicyd
3. Upgrade to RHEL8.6
4. Install fapolicyd
5. Install rhv
6. hosted engine deploy


Test Result:
Hosted engine deploy successfully.

Bug is fixed, move it to "VERIFIED"
Comment 12 errata-xmlrpc 2022-05-26 17:22:47 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Low: RHV RHEL Host (ovirt-host) [ovirt-4.5.0] security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:4764
Note You need to log in before you can comment on or make changes to this bug.