872159 – rhevm-installation: ca files ownerships are not preserver over 3.0 -> 3.1 upgrade

Bug 872159 - rhevm-installation: ca files ownerships are not preserver over 3.0 -> 3.1 upgrade

Summary: rhevm-installation: ca files ownerships are not preserver over 3.0 -> 3.1 upg...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine-setup
Sub Component:
Version:	3.1.0
Hardware:	x86_64
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Target Release:	---
Assignee:	Alex Lourie
QA Contact:	Dafna Ron
Docs Contact:
URL:
Whiteboard:	integration
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-11-01 12:16 UTC by Dafna Ron
Modified:	2018-12-02 16:32 UTC (History)
CC List:	10 users (show)
Fixed In Version:	si24.1
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-12-04 20:00:21 UTC
oVirt Team:	---
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
engine log (327.66 KB, application/x-xz) 2012-11-01 12:16 UTC, Dafna Ron	no flags	Details
View All

Description Dafna Ron 2012-11-01 12:16:05 UTC

Created attachment 636628 [details]
engine log

Description of problem:

after upgrade I tried host re-install and it failed with CA error

looking at the ca directory it seems that file ownerships are not saved after upgrade. 

Version-Release number of selected component (if applicable):

upgrade from 3.0 to si21.1

How reproducible:

100%

Steps to Reproduce:
1. install 3.0 and upgrade to 3.1
2.
3.
  
Actual results:

some of the ca ownerships were not kept after the upograde

Expected results:

ownerships should be kept

Additional info:

[root@daffi-linux ~]# cd /etc/pki/ovirt-engine/certs/
[root@daffi-linux certs]# ls -l
total 48
-rw-r--r--. 1 root  root  3489 Oct  9 12:23 05.pem
-rw-rw-r--. 1 root  root  3460 Oct 10 10:08 06.pem
-rw-rw-r--. 1 root  root  3460 Oct 10 10:23 07.pem
-rw-r--r--. 1 ovirt ovirt 3071 Oct 16 12:43 08.pem
-rw-r--r--. 1 ovirt ovirt 3071 Oct 22 14:26 09.pem
-rw-r--r--. 1 ovirt ovirt 3072 Oct 31 16:35 0A.pem
-rw-r--r--. 1 ovirt ovirt    0 Oct 31 16:30 blond-vdsg.qa.lab.tlv.redhat.comcert.pem
-rw-r--r--. 1 root  root   714 Oct  9 12:23 ca.der
-rwxr-xr-x. 1 root  root     0 Aug 22 20:12 emptyfile.txt
-rw-r--r--. 1 root  root  3489 Oct  9 12:23 engine.cer
-rw-r--r--. 1 root  root   776 Oct  9 12:23 engine.der
-rw-rw-r--. 1 root  root     0 Oct 31 15:39 gold-vdsc.qa.lab.tlv.redhat.comcert.pem
-rw-rw-r--. 1 root  root  3460 Oct 10 10:23 gold-vdsd.qa.lab.tlv.redhat.comcert.pem
-rw-r--r--. 1 ovirt ovirt 3072 Oct 31 16:35 nott-vds1.qa.lab.tlv.redhat.comcert.pem
-rw-r--r--. 1 root  root  1848 Oct  9 12:23 rhevm.pfx


after this error I manually changed owndership of 0A and only then I was able to install a host. 

2012-10-31 16:30:51,114 ERROR [org.ovirt.engine.core.utils.hostinstall.OpenSslCAWrapper] (pool-4-thread-49) [7011618f] Sign Certificate request script errors:
null/etc/pki/ovirt-engine/SignReq.sh: line 31: grep: command not found
Using configuration from openssl.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
organizationName      :PRINTABLE:'RedHat'
commonName            :PRINTABLE:'blond-vdsg.qa.lab.tlv.redhat.com'
Certificate is to be certified until Oct 30 14:30:50 2017 GMT (1825 days)

Write out database with 1 new entries
certs/0A.pem: Permission denied
140316543539016:error:0200100D:system library:fopen:Permission denied:bss_file.c:355:fopen('certs/0A.pem','w')
140316543539016:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:357:

Comment 4 Dafna Ron 2012-11-26 18:08:56 UTC

verified on 3.0 -> 24.4

before: 

[root@daffi-linux certs]# ls -l
total 36
-rw-r--r--. 1 root  root  3504 Nov 24 21:58 01.pem
-rw-r--r--. 1 root  root  3650 Nov 24 21:58 02.pem
-rw-rw-r--. 1 jboss jboss 3622 Nov 26 13:11 03.pem
-rw-rw-r--. 1 jboss jboss 3622 Nov 26 14:49 04.pem
-rw-r--r--. 1 root  root   825 Nov 24 21:58 ca.der
-rwxr-xr-x. 1 jboss jboss    0 Aug 22 20:12 emptyfile.txt
-rw-rw-r--. 1 jboss jboss 3622 Nov 26 13:11 gold-vdsc.qa.lab.tlv.redhat.comcert.pem
-rw-rw-r--. 1 jboss jboss 3622 Nov 26 14:49 gold-vdsd.qa.lab.tlv.redhat.comcert.pem
-rw-r--r--. 1 root  root  3650 Nov 24 21:58 rhevm.cer
-rw-r--r--. 1 root  root   844 Nov 24 21:58 rhevm.der
[root@daffi-linux certs]# 


after:

[root@daffi-linux certs]# ls -l
total 36
-rw-r--r--. 1 root  root  3504 Nov 24 21:58 01.pem
-rw-r--r--. 1 root  root  3650 Nov 24 21:58 02.pem
-rw-rw-r--. 1 ovirt ovirt 3622 Nov 26 13:11 03.pem
-rw-rw-r--. 1 ovirt ovirt 3622 Nov 26 14:49 04.pem
-rw-r--r--. 1 root  root   825 Nov 24 21:58 ca.der
-rwxr-xr-x. 1 ovirt ovirt    0 Aug 22 20:12 emptyfile.txt
-rw-r--r--. 1 root  root  3650 Nov 24 21:58 engine.cer
-rw-r--r--. 1 root  root   844 Nov 24 21:58 engine.der
-rw-rw-r--. 1 ovirt ovirt 3622 Nov 26 13:11 gold-vdsc.qa.lab.tlv.redhat.comcert.pem
-rw-rw-r--. 1 ovirt ovirt 3622 Nov 26 14:49 gold-vdsd.qa.lab.tlv.redhat.comcert.pem

Note You need to log in before you can comment on or make changes to this bug.