Unprompted engine VdsDeploy -- updating a package on host?
Hi, As I was going through my daily logwatch I noticed that a package got updated on my ovirt host last night. But I know that I didn't do that on my own. Looking at the logs I tracked it down to the hosted engine running a VdsDeploy process which updated the package on the host. I know from the timestamp that it wasn't me that initiated that action. Is the engine supposed to update packages on hosts unprompted like that? -derek -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant
No updates are run automatically. Is either a user initiate a install or upgrade file. Yaniv Dary Technical Product Manager Red Hat Israel Ltd. 34 Jerusalem Road Building A, 4th floor Ra'anana, Israel 4350109 Tel : +972 (9) 7692306 8272306 Email: ydary@redhat.com IRC : ydary On Dec 13, 2016 17:50, "Derek Atkins" <derek@ihtfp.com> wrote:
Hi,
As I was going through my daily logwatch I noticed that a package got updated on my ovirt host last night. But I know that I didn't do that on my own. Looking at the logs I tracked it down to the hosted engine running a VdsDeploy process which updated the package on the host. I know from the timestamp that it wasn't me that initiated that action.
Is the engine supposed to update packages on hosts unprompted like that?
-derek -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant _______________________________________________ Users mailing list Users@ovirt.org http://lists.phx.ovirt.org/mailman/listinfo/users
Hi, If it's user-initiated, how do I see who initiated it? I was in bed when it happened so I know it wasn't me. And I don't have any other admin users. Looking in my engine.log file I see: 2016-12-12 23:16:46,941 INFO [org.ovirt.engine.core.bll.hostdeploy.VdsDeployBase] (DefaultQuartzScheduler9) [4eb758cf] Connected to host HOST.DOM.AIN with SSH key fingerprint: SHA256:<removed> 2016-12-12 23:16:47,020 INFO [org.ovirt.engine.core.bll.hostdeploy.VdsDeployBase] (DefaultQuartzScheduler9) [4eb758cf] Installation of HOST.DOM.AIN. Executing command via SSH umask 0077; MYTMP="$(TMPDIR="${OVIRT_TMPDIR}" mktemp -d -t ovirt-XXXXXXXXXX)"; trap "chmod -R u+rwX \"${MYTMP}\" > /dev/null 2>&1; rm -fr \"${MYTMP}\" > /dev/null 2>&1" 0; tar --warning=no-timestamp -C "${MYTMP}" -x && "${MYTMP}"/ovirt-host-mgmt DIALOG/dialect=str:machine DIALOG/customization=bool:True < /var/cache/ovirt-engine/ovirt-host-deploy.tar I can certainly send more than this... But I certainly didn't initiate anything at 23:16, and I don't see anything in the event log in the UI. I *DO* see "Host has available updates" message in the log from 23:17, but that doesn't explain why the system would auto-install (or auto-update) the 'iproute' package?? [host]# tail -f /var/log/yum.log: Dec 12 23:17:17 Updated: iproute-3.10.0-74.el7.x86_64 Any ideas? Thanks, -derek On Wed, December 14, 2016 12:25 pm, Yaniv Dary wrote:
No updates are run automatically. Is either a user initiate a install or upgrade file.
Yaniv Dary Technical Product Manager Red Hat Israel Ltd. 34 Jerusalem Road Building A, 4th floor Ra'anana, Israel 4350109
Tel : +972 (9) 7692306 8272306 Email: ydary@redhat.com IRC : ydary
On Dec 13, 2016 17:50, "Derek Atkins" <derek@ihtfp.com> wrote:
Hi,
As I was going through my daily logwatch I noticed that a package got updated on my ovirt host last night. But I know that I didn't do that on my own. Looking at the logs I tracked it down to the hosted engine running a VdsDeploy process which updated the package on the host. I know from the timestamp that it wasn't me that initiated that action.
Is the engine supposed to update packages on hosts unprompted like that?
-derek -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant _______________________________________________ Users mailing list Users@ovirt.org http://lists.phx.ovirt.org/mailman/listinfo/users
-- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant
I don't know. We do not do automatic updates. This is even not recommended unless the host is on maintenance. You can open a bug and we can have a look. Yaniv Dary Technical Product Manager Red Hat Israel Ltd. 34 Jerusalem Road Building A, 4th floor Ra'anana, Israel 4350109 Tel : +972 (9) 7692306 8272306 Email: ydary@redhat.com IRC : ydary On Wed, Dec 14, 2016 at 7:45 PM, Derek Atkins <derek@ihtfp.com> wrote:
Hi,
If it's user-initiated, how do I see who initiated it? I was in bed when it happened so I know it wasn't me. And I don't have any other admin users.
Looking in my engine.log file I see:
2016-12-12 23:16:46,941 INFO [org.ovirt.engine.core.bll.hostdeploy.VdsDeployBase] (DefaultQuartzScheduler9) [4eb758cf] Connected to host HOST.DOM.AIN with SSH key fingerprint: SHA256:<removed> 2016-12-12 23:16:47,020 INFO [org.ovirt.engine.core.bll.hostdeploy.VdsDeployBase] (DefaultQuartzScheduler9) [4eb758cf] Installation of HOST.DOM.AIN. Executing command via SSH umask 0077; MYTMP="$(TMPDIR="${OVIRT_TMPDIR}" mktemp -d -t ovirt-XXXXXXXXXX)"; trap "chmod -R u+rwX \"${MYTMP}\" > /dev/null 2>&1; rm -fr \"${MYTMP}\" > /dev/null 2>&1" 0; tar --warning=no-timestamp -C "${MYTMP}" -x && "${MYTMP}"/ovirt-host-mgmt DIALOG/dialect=str:machine DIALOG/customization=bool:True < /var/cache/ovirt-engine/ovirt-host-deploy.tar
I can certainly send more than this... But I certainly didn't initiate anything at 23:16, and I don't see anything in the event log in the UI. I *DO* see "Host has available updates" message in the log from 23:17, but that doesn't explain why the system would auto-install (or auto-update) the 'iproute' package??
[host]# tail -f /var/log/yum.log: Dec 12 23:17:17 Updated: iproute-3.10.0-74.el7.x86_64
Any ideas?
Thanks,
-derek
On Wed, December 14, 2016 12:25 pm, Yaniv Dary wrote:
No updates are run automatically. Is either a user initiate a install or upgrade file.
Yaniv Dary Technical Product Manager Red Hat Israel Ltd. 34 Jerusalem Road Building A, 4th floor Ra'anana, Israel 4350109
Tel : +972 (9) 7692306 8272306 Email: ydary@redhat.com IRC : ydary
On Dec 13, 2016 17:50, "Derek Atkins" <derek@ihtfp.com> wrote:
Hi,
As I was going through my daily logwatch I noticed that a package got updated on my ovirt host last night. But I know that I didn't do that on my own. Looking at the logs I tracked it down to the hosted engine running a VdsDeploy process which updated the package on the host. I know from the timestamp that it wasn't me that initiated that action.
Is the engine supposed to update packages on hosts unprompted like that?
-derek -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant _______________________________________________ Users mailing list Users@ovirt.org http://lists.phx.ovirt.org/mailman/listinfo/users
-- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant
participants (2)
-
Derek Atkins -
Yaniv Dary