Bug 872159 - rhevm-installation: ca files ownerships are not preserved over 3.0 -> 3.1 upgrade
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-setup
3.1.0
x86_64 Linux
urgent Severity urgent
Assigned To: Alex Lourie
Dafna Ron
integration
Reported: 2012-11-01 08:16 EDT by Dafna Ron
Modified: 2015-09-22 09 EDT
Fixed In Version: si24.1
Doc Type: Bug Fix
Last Closed: 2012-12-04 15:00:21 EST
Type: Bug

Attachments:
engine log (327.66 KB, application/x-xz), 2012-11-01 08:16 EDT, Dafna Ron

Description Dafna Ron 2012-11-01 08:16:05 EDT
Created attachment 636628
engine log

Description of problem:

after upgrade I tried host re-install and it failed with CA error

looking at the ca directory it seems that file ownerships are not saved after upgrade. 

Version-Release number of selected component (if applicable):

upgrade from 3.0 to si21.1

How reproducible:

100%

Steps to Reproduce:
1. install 3.0 and upgrade to 3.1
Actual results:

some of the ca ownerships were not kept after the upgrade

Expected results:

ownerships should be kept

Additional info:

[root@daffi-linux ~]# cd /etc/pki/ovirt-engine/certs/
[root@daffi-linux certs]# ls -l
total 48
-rw-r--r--. 1 root  root  3489 Oct  9 12:23 05.pem
-rw-rw-r--. 1 root  root  3460 Oct 10 10:08 06.pem
-rw-rw-r--. 1 root  root  3460 Oct 10 10:23 07.pem
-rw-r--r--. 1 ovirt ovirt 3071 Oct 16 12:43 08.pem
-rw-r--r--. 1 ovirt ovirt 3071 Oct 22 14:26 09.pem
-rw-r--r--. 1 ovirt ovirt 3072 Oct 31 16:35 0A.pem
-rw-r--r--. 1 ovirt ovirt    0 Oct 31 16:30 blond-vdsg.qa.lab.tlv.redhat.comcert.pem
-rw-r--r--. 1 root  root   714 Oct  9 12:23 ca.der
-rwxr-xr-x. 1 root  root     0 Aug 22 20:12 emptyfile.txt
-rw-r--r--. 1 root  root  3489 Oct  9 12:23 engine.cer
-rw-r--r--. 1 root  root   776 Oct  9 12:23 engine.der
-rw-rw-r--. 1 root  root     0 Oct 31 15:39 gold-vdsc.qa.lab.tlv.redhat.comcert.pem
-rw-rw-r--. 1 root  root  3460 Oct 10 10:23 gold-vdsd.qa.lab.tlv.redhat.comcert.pem
-rw-r--r--. 1 ovirt ovirt 3072 Oct 31 16:35 nott-vds1.qa.lab.tlv.redhat.comcert.pem
-rw-r--r--. 1 root  root  1848 Oct  9 12:23 rhevm.pfx


after this error I manually changed ownership of 0A and only then I was able to install a host.

2012-10-31 16:30:51,114 ERROR [org.ovirt.engine.core.utils.hostinstall.OpenSslCAWrapper] (pool-4-thread-49) [7011618f] Sign Certificate request script errors:
null/etc/pki/ovirt-engine/SignReq.sh: line 31: grep: command not found
Using configuration from openssl.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
organizationName      :PRINTABLE:'RedHat'
commonName            :PRINTABLE:'blond-vdsg.qa.lab.tlv.redhat.com'
Certificate is to be certified until Oct 30 14:30:50 2017 GMT (1825 days)

Write out database with 1 new entries
certs/0A.pem: Permission denied
140316543539016:error:0200100D:system library:fopen:Permission denied:bss_file.c:355:fopen('certs/0A.pem','w')
140316543539016:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:357:

Comment 4 Dafna Ron 2012-11-26 13:08:56 EST
verified on 3.0 -> 24.4

before: 

[root@daffi-linux certs]# ls -l
total 36
-rw-r--r--. 1 root  root  3504 Nov 24 21:58 01.pem
-rw-r--r--. 1 root  root  3650 Nov 24 21:58 02.pem
-rw-rw-r--. 1 jboss jboss 3622 Nov 26 13:11 03.pem
-rw-rw-r--. 1 jboss jboss 3622 Nov 26 14:49 04.pem
-rw-r--r--. 1 root  root   825 Nov 24 21:58 ca.der
-rwxr-xr-x. 1 jboss jboss    0 Aug 22 20:12 emptyfile.txt
-rw-rw-r--. 1 jboss jboss 3622 Nov 26 13:11 gold-vdsc.qa.lab.tlv.redhat.comcert.pem
-rw-rw-r--. 1 jboss jboss 3622 Nov 26 14:49 gold-vdsd.qa.lab.tlv.redhat.comcert.pem
-rw-r--r--. 1 root  root  3650 Nov 24 21:58 rhevm.cer
-rw-r--r--. 1 root  root   844 Nov 24 21:58 rhevm.der
[root@daffi-linux certs]# 


after:

[root@daffi-linux certs]# ls -l
total 36
-rw-r--r--. 1 root  root  3504 Nov 24 21:58 01.pem
-rw-r--r--. 1 root  root  3650 Nov 24 21:58 02.pem
-rw-rw-r--. 1 ovirt ovirt 3622 Nov 26 13:11 03.pem
-rw-rw-r--. 1 ovirt ovirt 3622 Nov 26 14:49 04.pem
-rw-r--r--. 1 root  root   825 Nov 24 21:58 ca.der
-rwxr-xr-x. 1 ovirt ovirt    0 Aug 22 20:12 emptyfile.txt
-rw-r--r--. 1 root  root  3650 Nov 24 21:58 engine.cer
-rw-r--r--. 1 root  root   844 Nov 24 21:58 engine.der
-rw-rw-r--. 1 ovirt ovirt 3622 Nov 26 13:11 gold-vdsc.qa.lab.tlv.redhat.comcert.pem
-rw-rw-r--. 1 ovirt ovirt 3622 Nov 26 14:49 gold-vdsd.qa.lab.tlv.redhat.comcert.pem
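
The before/after comparison done by hand in comment 4, as an added example that is not part of the bug report or of ovirt-engine-setup: snapshot owner, group, mode and size of the CA certs directory before the upgrade, then report files whose owner afterwards is not the pre-upgrade owner mapped to the new service account. The jboss -> ovirt mapping is an assumption read off the listings above, and the sample snapshots and the host1cert.pem name are constructed.

```python
import grp
import os
import pwd
import stat

def _name(lookup, ident):
    """Resolve a uid/gid to a name; keep the number if the account is gone."""
    try:
        return lookup(ident)[0]
    except KeyError:
        return str(ident)

def snapshot(cert_dir):
    """Map file name -> (owner, group, mode, size) for regular files."""
    snap = {}
    for entry in os.scandir(cert_dir):
        if entry.is_file(follow_symlinks=False):
            st = entry.stat(follow_symlinks=False)
            snap[entry.name] = (_name(pwd.getpwuid, st.st_uid),
                                _name(grp.getgrgid, st.st_gid),
                                stat.S_IMODE(st.st_mode), st.st_size)
    return snap

def ownership_drift(before, after, renamed):
    """Files whose owner/group is not the pre-upgrade one mapped via `renamed`."""
    drift = {}
    for name, (owner, group, _mode, _size) in before.items():
        if name not in after:  # file renamed or removed by the upgrade
            continue
        expected = (renamed.get(owner, owner), renamed.get(group, group))
        if after[name][:2] != expected:
            drift[name] = {"expected": expected, "actual": after[name][:2]}
    return drift

def empty_pems(snap):
    """Zero-length .pem files, like those in the description's listing."""
    return sorted(n for n, meta in snap.items()
                  if n.endswith(".pem") and meta[3] == 0)

# Constructed snapshots modelled on the listings in this report.
BEFORE = {"01.pem": ("root", "root", 0o644, 3504),
          "03.pem": ("jboss", "jboss", 0o664, 3622)}
AFTER_BROKEN = {**BEFORE, "03.pem": ("root", "root", 0o664, 3622),
                "host1cert.pem": ("ovirt", "ovirt", 0o644, 0)}  # hypothetical
AFTER_FIXED = {**BEFORE, "03.pem": ("ovirt", "ovirt", 0o664, 3622)}
RENAMED = {"jboss": "ovirt"}  # assumption: read off the listings in comment 4

if __name__ == "__main__":
    for after in (AFTER_BROKEN, AFTER_FIXED):
        print(ownership_drift(BEFORE, after, RENAMED), empty_pems(after))
```

On a real system, call snapshot() on /etc/pki/ovirt-engine/certs before and after the upgrade and pass both results to ownership_drift().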