[ovirt-users] Re: Problems with selinux after updating an ovirt node
It seems that having SELinux in permissive mode is the cause of the problem. I ended up opening a bugzilla but it was set to private because I shared a lot of logs with the RedHat team. Here's a quote from the last comment: "We still do not fully understand the issue - specifically, why it does not happen in enforcing mode." So my personal advice is to set SELinux in enforcing mode and wait for the next update to verify if this solves the issue. Regards Il 7/6/22 11:59, Guillaume Pavese ha scritto: I just had the same problem while upgrading a host from ovirt-node 4.4.10 to 4.5.1 This is all the more surprising since this host had selinux in permissive mode, I would not expect any selinux failures in that case. [root@ps-inf-int-kvm-fr-302-210 ~]# vdsm-tool configure --force Checking configuration status... lvm is configured for vdsm Managed volume database is already configured libvirt is already configured for vdsm SUCCESS: ssl configured to true. No conflicts Current revision of multipath.conf detected, preserving sanlock is configured for vdsm Running configure... libsepol.context_from_record: type insights_client_cache_t is not defined libsepol.context_from_record: could not create context structure libsepol.context_from_string: could not create context structure libsepol.sepol_context_to_sid: could not convert system_u:object_r:insights_client_cache_t:s0 to sid invalid context system_u:object_r:insights_client_cache_t:s0 libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned error code 255. Traceback (most recent call last): File "/bin/vdsm-tool", line 209, in main return tool_command[cmd]["command"](*args) File "/usr/lib/python3.6/site-packages/vdsm/tool/__init__.py", line 40, in wrapper func(*args, **kwargs) File "/usr/lib/python3.6/site-packages/vdsm/tool/configurator.py", line 146, in configure _configure(c) File "/usr/lib/python3.6/site-packages/vdsm/tool/configurator.py", line 93, in _configure getattr(module, 'configure', lambda: None)() File "/usr/lib/python3.6/site-packages/vdsm/tool/configurators/sebool.py", line 88, in configure _setup_booleans(True) File "/usr/lib/python3.6/site-packages/vdsm/tool/configurators/sebool.py", line 60, in _setup_booleans sebool_obj.finish() File "/usr/lib/python3.6/site-packages/seobject.py", line 340, in finish self.commit() File "/usr/lib/python3.6/site-packages/seobject.py", line 330, in commit rc = semanage_commit(self.sh) OSError: [Errno 0] Error [root@ps-inf-int-kvm-fr-302-210 ~]# vdsm-tool configure --module sebool Checking configuration status... Running configure... libsepol.context_from_record: type insights_client_cache_t is not defined libsepol.context_from_record: could not create context structure libsepol.context_from_string: could not create context structure libsepol.sepol_context_to_sid: could not convert system_u:object_r:insights_client_cache_t:s0 to sid invalid context system_u:object_r:insights_client_cache_t:s0 libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned error code 255. Traceback (most recent call last): File "/bin/vdsm-tool", line 209, in main return tool_command[cmd]["command"](*args) File "/usr/lib/python3.6/site-packages/vdsm/tool/__init__.py", line 40, in wrapper func(*args, **kwargs) File "/usr/lib/python3.6/site-packages/vdsm/tool/configurator.py", line 146, in configure _configure(c) File "/usr/lib/python3.6/site-packages/vdsm/tool/configurator.py", line 93, in _configure getattr(module, 'configure', lambda: None)() File "/usr/lib/python3.6/site-packages/vdsm/tool/configurators/sebool.py", line 88, in configure _setup_booleans(True) File "/usr/lib/python3.6/site-packages/vdsm/tool/configurators/sebool.py", line 60, in _setup_booleans sebool_obj.finish() File "/usr/lib/python3.6/site-packages/seobject.py", line 340, in finish self.commit() File "/usr/lib/python3.6/site-packages/seobject.py", line 330, in commit rc = semanage_commit(self.sh) OSError: [Errno 0] Error [root@ps-inf-int-kvm-fr-302-210 ~]# semodule -i /usr/share/selinux/packages/ovirt-vmconsole/ovirt_vmconsole.pp [root@ps-inf-int-kvm-fr-302-210 ~]# vdsm-tool configure --module sebool Checking configuration status... Running configure... Done configuring modules to VDSM. [root@ps-inf-int-kvm-fr-302-210 ~]# vdsm-tool configure --force Checking configuration status... Managed volume database is already configured lvm is configured for vdsm sanlock is configured for vdsm Current
[ovirt-users] Re: Problems with selinux after updating an ovirt node
I just had the same problem while upgrading a host from ovirt-node 4.4.10 to 4.5.1 This is all the more surprising since this host had selinux in permissive mode, I would not expect any selinux failures in that case. [root@ps-inf-int-kvm-fr-302-210 ~]# vdsm-tool configure --force Checking configuration status... lvm is configured for vdsm Managed volume database is already configured libvirt is already configured for vdsm SUCCESS: ssl configured to true. No conflicts Current revision of multipath.conf detected, preserving sanlock is configured for vdsm Running configure... libsepol.context_from_record: type insights_client_cache_t is not defined libsepol.context_from_record: could not create context structure libsepol.context_from_string: could not create context structure libsepol.sepol_context_to_sid: could not convert system_u:object_r:insights_client_cache_t:s0 to sid invalid context system_u:object_r:insights_client_cache_t:s0 libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned error code 255. Traceback (most recent call last): File "/bin/vdsm-tool", line 209, in main return tool_command[cmd]["command"](*args) File "/usr/lib/python3.6/site-packages/vdsm/tool/__init__.py", line 40, in wrapper func(*args, **kwargs) File "/usr/lib/python3.6/site-packages/vdsm/tool/configurator.py", line 146, in configure _configure(c) File "/usr/lib/python3.6/site-packages/vdsm/tool/configurator.py", line 93, in _configure getattr(module, 'configure', lambda: None)() File "/usr/lib/python3.6/site-packages/vdsm/tool/configurators/sebool.py", line 88, in configure _setup_booleans(True) File "/usr/lib/python3.6/site-packages/vdsm/tool/configurators/sebool.py", line 60, in _setup_booleans sebool_obj.finish() File "/usr/lib/python3.6/site-packages/seobject.py", line 340, in finish self.commit() File "/usr/lib/python3.6/site-packages/seobject.py", line 330, in commit rc = semanage_commit(self.sh) OSError: [Errno 0] Error [root@ps-inf-int-kvm-fr-302-210 ~]# vdsm-tool configure --module sebool Checking configuration status... Running configure... libsepol.context_from_record: type insights_client_cache_t is not defined libsepol.context_from_record: could not create context structure libsepol.context_from_string: could not create context structure libsepol.sepol_context_to_sid: could not convert system_u:object_r:insights_client_cache_t:s0 to sid invalid context system_u:object_r:insights_client_cache_t:s0 libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned error code 255. Traceback (most recent call last): File "/bin/vdsm-tool", line 209, in main return tool_command[cmd]["command"](*args) File "/usr/lib/python3.6/site-packages/vdsm/tool/__init__.py", line 40, in wrapper func(*args, **kwargs) File "/usr/lib/python3.6/site-packages/vdsm/tool/configurator.py", line 146, in configure _configure(c) File "/usr/lib/python3.6/site-packages/vdsm/tool/configurator.py", line 93, in _configure getattr(module, 'configure', lambda: None)() File "/usr/lib/python3.6/site-packages/vdsm/tool/configurators/sebool.py", line 88, in configure _setup_booleans(True) File "/usr/lib/python3.6/site-packages/vdsm/tool/configurators/sebool.py", line 60, in _setup_booleans sebool_obj.finish() File "/usr/lib/python3.6/site-packages/seobject.py", line 340, in finish self.commit() File "/usr/lib/python3.6/site-packages/seobject.py", line 330, in commit rc = semanage_commit(self.sh) OSError: [Errno 0] Error [root@ps-inf-int-kvm-fr-302-210 ~]# semodule -i /usr/share/selinux/packages/ovirt-vmconsole/ovirt_vmconsole.pp [root@ps-inf-int-kvm-fr-302-210 ~]# vdsm-tool configure --module sebool Checking configuration status... Running configure... Done configuring modules to VDSM. [root@ps-inf-int-kvm-fr-302-210 ~]# vdsm-tool configure --force Checking configuration status... Managed volume database is already configured lvm is configured for vdsm sanlock is configured for vdsm Current revision of multipath.conf detected, preserving libvirt is already configured for vdsm SUCCESS: ssl configured to true. No conflicts Running configure... Reconfiguration of passwd is done. Reconfiguration of libvirt is done. Done configuring modules to VDSM. Then I had to put the host into maintenance and reinstall it Guillaume Pavese Ingénieur Système et Réseau Interactiv-Group On Sat, Nov 20, 2021 at 2:22 AM wrote: > This was a lifesaver. Thanks! I knew it was selinux, but didn't have the > right .pp file. Thanks! > ___ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/C7PXICFXDLE77GFC762VCVIOTDK7ODBJ/ > --
[ovirt-users] Re: Problems with selinux after updating an ovirt node
This was a lifesaver. Thanks! I knew it was selinux, but didn't have the right .pp file. Thanks! ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/C7PXICFXDLE77GFC762VCVIOTDK7ODBJ/
