Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 771590

Summary: [ovirt][engine][setup] - "/var/lock/ovirt-engine" is missing during engine-setup => fail to create CA
Product: [Retired] oVirt Reporter: yeylon <yeylon>
Component: ovirt-engine-installerAssignee: Moran Goldboim <mgoldboi>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: high    
Version: unspecifiedCC: aaron.lippold, acathrow, dpaikov, hateya, iheim, jlibosva, oschreib, srevivo, ykaul
Target Milestone: ---   
Target Release: 3.1   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-08-09 07:58:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
CA none

Description yeylon@redhat.com 2012-01-04 09:00:49 UTC 
Created attachment 550634 [details]
CA

Description of problem:

Using configuration from openssl.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'US'
organizationName      :PRINTABLE:'redhat'
commonName            :PRINTABLE:'CA-yeylon-fedora16.qa.lab.tlv.redhat.com.64522'
Certificate is to be certified until Jan  1 08:42:26 2022 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated
Certificate was added to keystore
Certificate was added to keystore
./SignReq.sh: line 79: /var/lock/ovirt-engine/.openssl.exclusivelock: No such file or directory
file certs/engine.cer does not exist!
2012-01-04 10:42:28::DEBUG::common_utils::206::root:: retcode = 1
2012-01-04 10:42:28::ERROR::engine-setup::1005::root:: Traceback (most recent call last):
  File "/usr/bin/engine-setup", line 969, in _createCA
    out, rc = utils.execCmd(cmd, None, True, output_messages.ERR_RC_CODE, [basedefs.CONST_CA_PASS])
  File "/usr/share/ovirt-engine/scripts/common_utils.py", line 209, in execCmd
    raise Exception(msg)
Exception: Return Code is not zero

2012-01-04 10:42:28::DEBUG::engine-setup::1985::root:: *** The following params were used as user input:
2012-01-04 10:42:28::DEBUG::engine-setup::1989::root:: override-iptables: yes
2012-01-04 10:42:28::DEBUG::engine-setup::1989::root:: http-port: 8080
2012-01-04 10:42:28::DEBUG::engine-setup::1989::root:: https-port: 8443
2012-01-04 10:42:28::DEBUG::engine-setup::1989::root:: mac-range: 00:1A:4A:23:61:00-00:1A:4A:23:61:FF
2012-01-04 10:42:28::DEBUG::engine-setup::1989::root:: host-fqdn: yeylon-fedora16.qa.lab.tlv.redhat.com
2012-01-04 10:42:28::DEBUG::engine-setup::1989::root:: auth-pass: ********
2012-01-04 10:42:28::DEBUG::engine-setup::1989::root:: db-pass: ********
2012-01-04 10:42:28::DEBUG::engine-setup::1989::root:: org-name: redhat
2012-01-04 10:42:28::DEBUG::engine-setup::1989::root:: default-dc-type: iscsi
2012-01-04 10:42:28::DEBUG::engine-setup::1989::root:: config-nfs: yes
2012-01-04 10:42:28::DEBUG::engine-setup::1989::root:: nfs-mp: /data/iso
2012-01-04 10:42:28::DEBUG::engine-setup::1989::root:: iso-domain-name: localIso
2012-01-04 10:42:28::ERROR::engine-setup::2337::root:: Traceback (most recent call last):
  File "/usr/bin/engine-setup", line 2331, in <module>
    main(confFile)
  File "/usr/bin/engine-setup", line 2153, in main
    runMainFunctions(conf)
  File "/usr/bin/engine-setup", line 2060, in runMainFunctions
    runFunction(_createCA, output_messages.INFO_CREATE_CA)
  File "/usr/bin/engine-setup", line 1396, in runFunction
    raise Exception(instance)
Exception: Failed to create certificate authority



Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 2 Jakub Libosvar 2012-01-17 14:43:07 UTC 
I think this is due to /var/lock/ovirt-engine is created during rpm installation:

[root@jl-f16 ~]# rpm -ql ovirt-engine | grep "/var/lock/ovirt"
/var/lock/ovirt-engine

Problem is that /var/lock/ directory is cleaned with every startup/reboot/poweroff- not sure when. I also suspect that bug 773620 is duplicate of this one. 

Steps to reproduce:
1. Have clean fedora 16 with ovirt repo
2. yum -y install ovirt-engine ovirt-engine-setup
3. reboot
4. run engine-setup

Version:
ovirt-engine-3.0.0_0001-7.fc16.x86_64

I think every time ovirt-engine starts, it should create /var/lock/ovirt-engine directory so as engine-setup should do.
Comment 3 Ofer Schreiber 2012-01-19 08:48:33 UTC 
*** Bug 773620 has been marked as a duplicate of this bug. ***
Comment 4 Itamar Heim 2012-01-21 04:33:57 UTC 
also reported on mailing list?
http://lists.ovirt.org/pipermail/users/2012-January/000254.html
Comment 5 Haim 2012-01-21 08:15:50 UTC 
(In reply to comment #2)
> I think this is due to /var/lock/ovirt-engine is created during rpm
> installation:
> 
> [root@jl-f16 ~]# rpm -ql ovirt-engine | grep "/var/lock/ovirt"
> /var/lock/ovirt-engine
> 
> Problem is that /var/lock/ directory is cleaned with every
> startup/reboot/poweroff- not sure when. I also suspect that bug 773620 is
> duplicate of this one. 
> 
> Steps to reproduce:
> 1. Have clean fedora 16 with ovirt repo
> 2. yum -y install ovirt-engine ovirt-engine-setup
> 3. reboot
> 4. run engine-setup
> 
> Version:
> ovirt-engine-3.0.0_0001-7.fc16.x86_64
> 
> I think every time ovirt-engine starts, it should create /var/lock/ovirt-engine
> directory so as engine-setup should do.

well, it appears that files under /var/lock/ are not persisted after reboot, which as each component should take care to re-create the file in its init-scritp.
this leaves us several options, 1. chose different location to place our lock file (like any other application, postgres, vdsm, libvirt), 2. re-create this file on each start-up of jboss-as instance (use its init-script). 

Ofer - removing need-info as its reproducible on latest engine-setup version 3.0.0_0001-1.2 (managed to reproduce with single reboot instance)

we need to take call on this.
Comment 6 Ronen Angluster 2012-01-22 14:35:31 UTC 
the way this is handled in Fedora 16 is by configuring a daemon named tmpfilesd 
which will create any temp directory/file according to the configuration specified.

a solution has been submitted in: http://gerrit.ovirt.org/1192
Comment 8 Aaron Lippold 2012-03-25 10:59:57 UTC 
In my case, the issue was that the Sun JAVA path was not setup during the engine-setup process so the real source of the failure was that it could not find the 'keytool' command.

This may be another data point to check during the start of the 'engine-setup' command.
Comment 9 Itamar Heim 2012-08-09 07:58:37 UTC 
closing ON_QA bugs as oVirt 3.1 was released:
http://www.ovirt.org/get-ovirt/