On Mon, Dec 21, 2015 at 3:52 PM, Gianluca Cecchi <gianluca.cecchi@gmail.com> wrote:

On Mon, Dec 21, 2015 at 2:10 PM, Yedidyah Bar David wrote:
On Sun, Dec 20, 2015 at 9:50 PM, Martin Perina wrote:
>
>

[snip]

>>
>> So you should run engine-setup after you update this package.
>>
>> Martin - is this intentional? Why not update the package automatically
>> during engine-setup?
>>
>> Or even version-lock it? I do not think people should expect their engine
>> to not allow logins after they run 'yum update'. Adding also Sandro.
>
> Hi,
>
> there are several reasons for this:
>
> 1. aaa-jdbc is an engine 3.6 extension, engine requires its presence to
> provide 'internal' domain but it doesn't require any specific version,
> so users may update aaa-jdbc independently on engine if they need
> features provided provided by new version
>
> 2. engine-setup automatically configures/upgrades 'internal' domain, but
> users may define manually other domains (as described in README.admin)
> and those domains are not touched by engine-setup at all
>
> 3. Due to 1. and 2. we decided not to define version specific requirement
> between engine and aaa-jdbc in engine-setup (same behaviour as already
> exists for other engine extensions). So users may for example upgrade
> engine, but leave aaa-jdbc as is or leave engine as is and upgrade
> aaa-jdbc if they need it. Users just need to get used to read doc
> before doing upgrade.

Now filed: https://bugzilla.redhat.com/show_bug.cgi?id=1293338

Best,
--
Didi

Thanks, I gave my contribute inside the bugzilla.
I personally felt this behavior could potentially break many oVirt and possibly RHEV installations based on the internal profile and your action seems to confirm it.
As a user I disagree with Martin point in 3. as I'm usually inclined to read the docs but not all the READMEs provided by any single package in the system. I didn't find a clear reference to this step inside the oVirt web documentation, but I could be wrong. I rememebr about it only when I played with FreeIPA authentication in oVirt, but not in internal usage.
But if this problem can become an opportunity to make both docs and users better entities it's not a problem for me...
Gianluca

In the mean time I was "able" to solve the problems following what already asked some days ago:

http://lists.ovirt.org/pipermail/users/2015-December/036601.html

- verified no tasks on hypervisor as what found in business_entity_snapshot are failed attempts to import hosted engine storage domain

[root@ractor ~]# vdsClient -s 0 getAllTasksStatuses

{'status': {'message': 'OK', 'code': 0}, 'allTasksStatus': {}}

- stop engine

systemctl stop ovirt-engine

- delete on db

engine=# delete from business_entity_snapshot ;

DELETE 3

engine=# commit;

COMMIT

engine=# exit

engine-# \q

-bash-4.2$ exit

logout

- start engine

systemctl start engine

- update ovirt-engine-extension-aaa-jdbc

---> Package ovirt-engine-extension-aaa-jdbc.noarch 0:1.0.1-1.el7 will be updated

---> Package ovirt-engine-extension-aaa-jdbc.noarch 0:1.0.4-1.el7 will be an update

- engine-setup now completes ok

(based on /usr/share/doc/ovirt-engine-extension-aaa-jdbc-1.0.4/README.admin as I have only internal profile)

[root@ractorshe ovirt-engine]# engine-setup

[ INFO ] Stage: Initializing

[ INFO ] Stage: Environment setup

Configuration files: ['/etc/ovirt-engine-setup.conf.d/10-packaging-jboss.conf', '/etc/ovirt-engine-setup.conf.d/10-packaging.conf', '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf']

Log file: /var/log/ovirt-engine/setup/ovirt-engine-setup-20151222171311-pad6e4.log

Version: otopi-1.4.0 (otopi-1.4.0-1.el7.centos)

[ INFO ] Stage: Environment packages setup

[ INFO ] Stage: Programs detection

[ INFO ] Stage: Environment setup

[ INFO ] Stage: Environment customization

--== PRODUCT OPTIONS ==--

--== PACKAGES ==--

[ INFO ] Checking for product updates...

[ INFO ] No product updates found

--== ALL IN ONE CONFIGURATION ==--

--== NETWORK CONFIGURATION ==--

[WARNING] Failed to resolve ractorshe.my.domain using DNS, it can be resolved only locally

Setup can automatically configure the firewall on this system.

Note: automatic configuration of the firewall may overwrite current settings.

Do you want Setup to configure the firewall? (Yes, No) [Yes]: Yes

[ INFO ] firewalld will be configured as firewall manager.

[WARNING] Failed to resolve ractorshe.my.domain using DNS, it can be resolved only locally

--== DATABASE CONFIGURATION ==--

--== OVIRT ENGINE CONFIGURATION ==--

--== STORAGE CONFIGURATION ==--

--== PKI CONFIGURATION ==--

--== APACHE CONFIGURATION ==--

--== SYSTEM CONFIGURATION ==--

--== MISC CONFIGURATION ==--

--== END OF CONFIGURATION ==--

[ INFO ] Stage: Setup validation

During execution engine service will be stopped (OK, Cancel) [OK]:

[ INFO ] Cleaning stale zombie tasks and commands

--== CONFIGURATION PREVIEW ==--

Default SAN wipe after delete : False

Firewall manager : firewalld

Update Firewall : True

Host FQDN : ractorshe.my.domain

Engine database secured connection : False

Engine database host : localhost

Engine database user name : engine

Engine database name : engine

Engine database port : 5432

Engine database host name validation : False

Engine installation : True

PKI organization : my.domain

Configure VMConsole Proxy : True

Engine Host FQDN : ractorshe.my.domain

Configure WebSocket Proxy : True

Please confirm installation settings (OK, Cancel) [OK]:

[ INFO ] Cleaning async tasks and compensations

[ INFO ] Unlocking existing entities

[ INFO ] Checking the Engine database consistency

[ INFO ] Stage: Transaction setup

[ INFO ] Stopping engine service

[ INFO ] Stopping ovirt-fence-kdump-listener service

[ INFO ] Stopping websocket-proxy service

[ INFO ] Stage: Misc configuration

[ INFO ] Stage: Package installation

[ INFO ] Stage: Misc configuration

[ INFO ] Backing up database localhost:engine to '/var/lib/ovirt-engine/backups/engine-20151222171352.J1P6M4.dump'.

[ INFO ] Creating/refreshing Engine database schema

[ INFO ] Creating/refreshing Engine 'internal' domain database schema

[ INFO ] Upgrading CA

[ INFO ] Configuring WebSocket Proxy

[ INFO ] Generating post install configuration file '/etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf'

[ INFO ] Stage: Transaction commit

[ INFO ] Stage: Closing up

--== SUMMARY ==--

SSH fingerprint: 19:56:8d:3e:50:fc:90:37:5a:ba:6c:57:30:b1:7d:93

Internal CA DA:E6:04:34:99:A0:DB:CE:3F:0A:7B:A2:96:67:4C:7F:19:CA:95:5F

Note! If you want to gather statistical information you can install Reports and/or DWH:

http://www.ovirt.org/Ovirt_DWH

http://www.ovirt.org/Ovirt_Reports

Web access is enabled at:

http://ractorshe.my.domain:80/ovirt-engine

https://ractorshe.my.domain:443/ovirt-engine

--== END OF SUMMARY ==--

[ INFO ] Starting engine service

[ INFO ] Restarting httpd

[ INFO ] Restarting ovirt-vmconsole proxy service

[ INFO ] Stage: Clean up

Log file is located at /var/log/ovirt-engine/setup/ovirt-engine-setup-20151222171311-pad6e4.log

[ INFO ] Generating answer file '/var/lib/ovirt-engine/setup/answers/20151222171439-setup.conf'

[ INFO ] Stage: Pre-termination

[ INFO ] Stage: Termination

[ INFO ] Execution of setup completed successfully

- Test with success login to webadmin portal with admin@internal and lates ovirt-engine-extension-aaa-jdbc applied

Gianluca