On Thu, Jul 4, 2024 at 9:11 AM Yedidyah Bar David <[email protected]> wrote:
> On Wed, Jun 19, 2024 at 10:38 PM Brent S. <[email protected]> wrote: > >> As a quick update to this: >> >> # ovirt-aaa-jdbc-tool >> >> >> Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false >> >> >> >> Jun 19, 2024 7:28:14 PM >> org.ovirt.engine.extension.aaa.jdbc.binding.cli.Cli main >> >> >> SEVERE: Unexpected Exception invoking Cli: Could not read properties >> from: /etc/ovirt-engine/aaa/internal.properties >> >> Which is, of course, the same message in the log. >> >> This is probably expected, since *engine-setup never actually created the >> file*: >> > > Are you sure about this? > > >> >> # ls -la /etc/ovirt-engine/aaa >> total 4 >> drwxr-xr-x. 2 root root 6 Jun 19 19:27 . >> drwxr-xr-x. 18 root root 4096 Jun 19 19:27 .. >> # >> > > I guess you checked the above only after engine-setup failed/finished, > right? > > >> >> And: >> >> 2024-06-19 19:27:10,917+0000 DEBUG >> otopi.plugins.ovirt_engine_setup.ovirt_engine.config.aaajdbc >> plugin.execute:923 execute-output: >> ['/usr/share/ovirt-engine-extension-aaa-jdbc/dbscripts/schema.sh', '-s', >> '[REDACTED_REMOTE_DB_HOST]', '-p', '5432', '-u', >> '[REDACTED_REMOTE_DB_USER]', '-d', '[REDACTED_REMOTE_DB_NAME]', '-e', >> 'aaa_jdbc', '-l', '/root/ovirt-engine-setup.log', '-c', 'apply'] stderr: >> >> >> 2024-06-19 19:27:10,917+0000 DEBUG otopi.transaction >> transaction._prepare:61 preparing 'File transaction for >> '/etc/ovirt-engine/aaa/internal.properties'' >> 2024-06-19 19:27:10,917+0000 DEBUG otopi.filetransaction >> filetransaction.prepare:184 file >> '/etc/ovirt-engine/aaa/internal.properties' missing >> > > Indeed > > >> 2024-06-19 19:27:10,920+0000 DEBUG otopi.transaction >> transaction._prepare:61 preparing 'File transaction for >> '/etc/ovirt-engine/extensions.d/internal-authn.properties'' >> 2024-06-19 19:27:10,920+0000 DEBUG otopi.filetransaction >> filetransaction.prepare:184 file >> '/etc/ovirt-engine/extensions.d/internal-authn.properties' missing >> 2024-06-19 19:27:10,921+0000 DEBUG otopi.transaction >> transaction._prepare:61 preparing 'File transaction for >> '/etc/ovirt-engine/extensions.d/internal-authz.properties'' >> 2024-06-19 19:27:10,921+0000 DEBUG otopi.filetransaction >> filetransaction.prepare:184 file >> '/etc/ovirt-engine/extensions.d/internal-authz.properties' missing >> 2024-06-19 19:27:10,921+0000 DEBUG >> otopi.plugins.ovirt_engine_setup.ovirt_engine.config.aaajdbc >> plugin.executeRaw:808 execute: ('/usr/bin/ovirt-aaa-jdbc-tool', >> (...) >> >> Is this because I'm using remote databases for the DWH? I was under the >> impression this was supported, especially given that engine-setup prompts >> for the host and it is documented. >> > > I don't think that's related. > > If you grep ovirt-engine sources, you'll find internal.properties in: > > packaging/setup/ovirt_engine_setup/engine/constants.py: > > AAA_JDBC_CONFIG_DB = os.path.join( > OVIRT_ENGINE_SYSCONFDIR, > 'aaa', > 'internal.properties' > ) > > If you then grep for AAA_JDBC_CONFIG_DB, you see it in: > > packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/config/aaajdbc.py: > > def _setupAuth(self): > self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append( > filetransaction.FileTransaction( > name=oenginecons.FileLocations.AAA_JDBC_CONFIG_DB, > ... > visibleButUnsafe=True, > Forgot to mention: You can check otopi sources:src/otopi/filetransaction.py to see what this means. > ... > def _setupAdminUser(self): > toolArgs = ( > oenginecons.FileLocations.AAA_JDBC_TOOL, > '--db-config=%s' % > oenginecons.FileLocations.AAA_JDBC_CONFIG_DB, > ) > ... > @plugin.event( > stage=plugin.Stages.STAGE_MISC, > name=AAA_JDBC_SETUP_ADMIN_USER, > after=( > oengcommcons.Stages.DB_SCHEMA, > oengcommcons.Stages.DB_CONNECTION_AVAILABLE, > oenginecons.Stages.CONFIG_EXTENSIONS_UPGRADE, > ), > before=( > oenginecons.Stages.CONFIG_AAA_ADMIN_USER_SETUP, > ), > condition=lambda self: self.environment[ > oenginecons.ConfigEnv.ADMIN_USER_AUTHZ_TYPE > ] == self.AAA_JDBC_AUTHZ_TYPE, > ) > def _misc(self): > # TODO: if we knew that aaa-jdbc package was upgraded by > engine-setup > # TODO: we could display summary note that custom profiles have to > be > # TODO: upgraded manually > self._setupSchema() > self._setupAuth() > self._setupAdminUser() > ... > > This means that: > At STAGE_MISC, _misc calls _setupAuth, which creates this file, and then > it calls > _setupAdminUser which tries to use it. Latter fails, and engine-setup > rolls back > the MAIN_TRANSACTION, including removing the file. > > I'd start debugging this issue by: > 1. Patching _setupAuth to wait (e.g. using dialog.queryBoolean, search the > source > for examples) after it creates the file, so that I can investigate it > 2. Patching _setupAdminUser to wait after it runs the tool, so that I can > try to > investigate the failure - e.g. run it myself under strace, if the existing > logging > is not enough. > > You can try using the otopi plugin wait_on_error for this, instead of > patching. > > Good luck and best regards, > -- > Didi > -- Didi
_______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected] Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/RXADNULFUFJS2LXEWWQJKSYJ2OE6AZY5/
