Skip to content
This repository has been archived by the owner on Feb 9, 2022. It is now read-only.

Stop and disable libvirtd-tls.socket in intial clean #328

Merged
merged 1 commit into from
Jun 15, 2020
Merged

Stop and disable libvirtd-tls.socket in intial clean #328

merged 1 commit into from
Jun 15, 2020

Conversation

nijinashok
Copy link
Contributor

If the libvirtd-tls.socket service is not disabled, then the libvirtd will fail to start with error "Cannot read certificate '/etc/pki/libvirt/servercert.pem': No such file or directory." if we reattempt after a failed deployment.

The libvirtd will check for the certificates if the tls socket service is enabled and fails with the mentioned error. This issue happens if we reattempt the deployment when it fails after the libvirtd was configured for the vdsm.

@nijinashok
Stop and disable libvirtd-tls.socket in intial clean
7188dc2 
If the libvirtd-tls.socket service is not disabled, then the
libvirtd will fail to start with error "Cannot read certificate
'/etc/pki/libvirt/servercert.pem': No such file or directory."
if we reattempt after a failed deployment. The libvirtd
will check for the certificates if the tls socket service is
enabled and fails with the mentioned errors.
@ovirt-infra
Copy link

Hello contributor, thanks for submitting a PR for this project!

I am the bot who triggers "standard-CI" builds for this project.
As a security measure, I will not run automated tests on PRs that are not from white-listed contributors.

In order to allow automated tests to run, please ask one of the project maintainers to review the code and then do one of the following:

  1. Type ci test please on this PR to trigger automated tests for it.
  2. Type ci add to whitelist on this PR to trigger automated tests for it and also add you to the contributor white-list so that your future PRs will be tested automatically. ( keep in mind this list might be overwritten if the job XML is refreshed, for permanent whitelisting, please follow Add generic test for service status #3 option )
  3. If you are planning to contribute to more than one project, maybe it's better to ask them to add you to the project organization, so you'll be able to run tests for all the organization's projects.

@sandrobonazzola
Copy link
Member

ci add to whitelist

sandrobonazzola
sandrobonazzola approved these changes Jun 9, 2020
View reviewed changes
Copy link
Member

@sandrobonazzola sandrobonazzola left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good to me but maintainers should review

@arachmani
Copy link
Member

Thanks @nijinashok, we already added it to the HE cleanup tool ovirt-hosted-engine-cleanup
https://gerrit.ovirt.org/#/c/109131/
So if you will use the cleanup tool (will be available in ovirt-hosted-engine-setup-2.4.5), redeploy should succeed.

@nijinashok
Copy link
Contributor Author

I think it will be great to add this to deployment as well. Most of the cleanup codes are available in the deployment too and most of the time deployment works without running ovirt-hosted-engine-cleanup.

@eslutsky
Copy link
Contributor

Thanks @nijinashok, we already added it to the HE cleanup tool ovirt-hosted-engine-cleanup
https://gerrit.ovirt.org/#/c/109131/
So if you will use the cleanup tool (will be available in ovirt-hosted-engine-setup-2.4.5), redeploy should succeed.

this commit will bring us closer to redeploy HE without having to perform the manual cleanup.

@arachmani
Copy link
Member

I think it will be great to add this to deployment as well. Most of the cleanup codes are available in the deployment too and most of the time deployment works without running ovirt-hosted-engine-cleanup.

I think that you must run the cleanup. If you will not use the cleanup you may have some leftovers (files, IP rules, memory allocation, etc.) on the host and the deployment can fail because of that, and in general, it's bad practice.

@eslutsky
Copy link
Contributor

I think it will be great to add this to deployment as well. Most of the cleanup codes are available in the deployment too and most of the time deployment works without running ovirt-hosted-engine-cleanup.

I think that you must run the cleanup. If you will not use the cleanup you may have some leftovers (files, IP rules, memory allocation, etc.) on the host and the deployment can fail because of that, and in general, it's bad practice.

if we really want to pursue that policy we must also enforce it,
meaning detect that HE already deployed, fail early during the hosted-engine-setup or cockpit phase with a clear error saying to run the cleanup to redeploy if needed.

@eslutsky eslutsky merged commit f4cffb4 into oVirt:master Jun 15, 2020
@nijinashok nijinashok deleted the libvirt branch June 15, 2020 14:11
@eslutsky
Copy link
Contributor

discussed with @arachmani offline, it does make sense to merge since it also fixes https://bugzilla.redhat.com/show_bug.cgi?id=1834422

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@eslutsky eslutsky eslutsky approved these changes

@arachmani arachmani Awaiting requested review from arachmani

@sandrobonazzola sandrobonazzola Awaiting requested review from sandrobonazzola

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@nijinashok @ovirt-infra @sandrobonazzola @arachmani @eslutsky