engine randomly updated 1 package on all my hosts overnight

I received an alert from OSSEC HIDS that a package was installed at 00:59. Nobody uses this infrastructure but me.

Upon investigation I find this:

Sep 14 00:59:18 ovirthost1 sshd[93263]: Accepted publickey for root from 10.0.16.50 port 50197 ssh2: RSA 1c:fc:0d:b8:40:2c:bf:87:f7:8f:b2:52:0b:c4:f6:4d
Sep 14 00:59:18 ovirthost1 sshd[93263]: pam_unix(sshd:session): session opened for user root by (uid=0)
Sep 14 00:59:46 ovirthost1 sshd[93263]: pam_unix(sshd:session): session closed for user root

10.0.16.50 is my ovirt engine.

And the yum log:

Sep 14 00:59:28 Updated: iproute-3.10.0-87.el7.x86_64

However, what is baffling to me is that this is a cluster I set up about 9 months ago and have not updated at all (it's a testing env for VM systems).

Why would ovirt seemingly randomly update and install a package? I know the engine checks for updates on hosts but this is the first time in my time using ovirt that ovirt instructed a host to install a package. This occurred on all of my ovirt nodes in this infrastructure (3).

ovirt Version 4.0.1.1-1.el7.centos
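Added example, not part of the original thread: the correlation done by hand in the message above, attributing each yum.log entry to the SSH session whose open/close window contains it. The sshd and iproute lines are the ones quoted in the message; the second yum line is constructed, the year is an assumption (syslog timestamps omit it), and the function names are hypothetical.

```python
import re
from datetime import datetime

YEAR = 2017  # assumption: neither log carries a year; taken from the thread date

SECURE = """\
Sep 14 00:59:18 ovirthost1 sshd[93263]: Accepted publickey for root from 10.0.16.50 port 50197 ssh2: RSA 1c:fc:0d:b8:40:2c:bf:87:f7:8f:b2:52:0b:c4:f6:4d
Sep 14 00:59:18 ovirthost1 sshd[93263]: pam_unix(sshd:session): session opened for user root by (uid=0)
Sep 14 00:59:46 ovirthost1 sshd[93263]: pam_unix(sshd:session): session closed for user root
"""
YUM = """\
Sep 14 00:59:28 Updated: iproute-3.10.0-87.el7.x86_64
Sep 14 03:10:02 Updated: constructed-pkg-1.0-1.el7.x86_64
"""  # second line is constructed, to show a change with no matching session

STAMP = r"^(\w{3}\s+\d+ [\d:]{8})"
ACCEPT = re.compile(STAMP + r" \S+ sshd\[(\d+)\]: Accepted (\S+) for (\S+) from (\S+) port")
CLOSE = re.compile(STAMP + r" \S+ sshd\[(\d+)\]: pam_unix\(sshd:session\): session closed")
YUM_RE = re.compile(STAMP + r" (Installed|Updated|Erased): (\S+)")

def _ts(stamp):
    return datetime.strptime(f"{YEAR} {stamp}", "%Y %b %d %H:%M:%S")

def ssh_sessions(secure_text):
    """Return one dict per accepted login; 'end' stays None if never closed."""
    sessions, open_by_pid = [], {}
    for line in secure_text.splitlines():
        if m := ACCEPT.match(line):
            stamp, pid, method, user, src = m.groups()
            s = {"user": user, "src": src, "method": method,
                 "start": _ts(stamp), "end": None}
            open_by_pid[pid] = s  # sshd PIDs can be reused; track only the open one
            sessions.append(s)
        elif (m := CLOSE.match(line)) and m.group(2) in open_by_pid:
            open_by_pid.pop(m.group(2))["end"] = _ts(m.group(1))
    return sessions

def attribute(yum_text, sessions):
    """Return (package, action, source IP or None) for every yum.log entry."""
    out = []
    for line in yum_text.splitlines():
        if not (m := YUM_RE.match(line)):
            continue
        when = _ts(m.group(1))
        owner = next((s for s in sessions if s["start"] <= when
                      and (s["end"] is None or when <= s["end"])), None)
        out.append((m.group(3), m.group(2), owner["src"] if owner else None))
    return out

if __name__ == "__main__":
    for pkg, action, src in attribute(YUM, ssh_sessions(SECURE)):
        print(f"{action:9} {pkg:40} via {src or 'no SSH session (local or cron?)'}")
```

A match only shows that the change happened while that session was open; with overlapping root sessions, audit records are needed to tell them apart.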

Hello -

Can anyone just briefly tell me if this is expected behavior or not? I know you can tell the engine to update hosts, but nobody was using the engine and I see the engine logging in and the yum command being run so I am curious if this is expected or not?

On Fri, Sep 15, 2017 at 5:12 PM, Charles Kozler <ckozleriii@gmail.com> wrote:
> Hello -
>
> Can anyone just briefly tell me if this is expected behavior or not?
>
> I know you can tell the engine to update hosts, but nobody was using the engine and I see the engine logging in and the yum command being run so I am curious if this is expected or not?

It is, unless you have otopi-1.6.2 or later: https://bugzilla.redhat.com/show_bug.cgi?id=1405838

> On Thu, Sep 14, 2017 at 10:54 AM, Charles Kozler <ckozleriii@gmail.com> wrote:
>> I received an alert from OSSEC HIDS that a package was installed at 00:59. Nobody uses this infrastructure but me
>>
>> Upon investigation I find this
>>
>> Sep 14 00:59:18 ovirthost1 sshd[93263]: Accepted publickey for root from 10.0.16.50 port 50197 ssh2: RSA 1c:fc:0d:b8:40:2c:bf:87:f7:8f:b2:52:0b:c4:f6:4d
>> Sep 14 00:59:18 ovirthost1 sshd[93263]: pam_unix(sshd:session): session opened for user root by (uid=0)
>> Sep 14 00:59:46 ovirthost1 sshd[93263]: pam_unix(sshd:session): session closed for user root
>>
>> 10.0.16.50 is my ovirt engine
>>
>> And the yum log
>>
>> Sep 14 00:59:28 Updated: iproute-3.10.0-87.el7.x86_64
>>
>> However, what is baffling to me is that this is a cluster I set up about 9 months ago and have not updated at all (it's a testing env for VM systems)
>>
>> Why would ovirt seemingly randomly update and install a package? I know the engine checks for updates on hosts but this is the first time in my time using ovirt that ovirt instructed a host to install a package. This occurred on all of my ovirt nodes in this infrastructure (3)

Probably the reason this didn't happen before is a mere coincidence - there are not many updates to 'iproute', or you did update it manually in other cases, or something like that.

>> ovirt Version 4.0.1.1-1.el7.centos

Most likely you have otopi-1.5.2, which does not have above bug fixed. You might consider upgrading to oVirt 4.1.

Best,
--
Didi

On 09/17/2017 02:00 AM, Yedidyah Bar David wrote:
> On Fri, Sep 15, 2017 at 5:12 PM, Charles Kozler <ckozleriii@gmail.com> wrote:
>> Hello -
>>
>> Can anyone just briefly tell me if this is expected behavior or not?
>>
>> I know you can tell the engine to update hosts, but nobody was using the engine and I see the engine logging in and the yum command being run so I am curious if this is expected or not?

My iproute mysteriously updated as well.

Thanks for confirming

On Sun, Sep 17, 2017 at 11:05 AM, Christopher Cox <ccox@endlessnow.com> wrote:
> My iproute mysteriously updated as well.
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users

Yedidyah - yes, update would be best of course. I've had this HIDS running for a little over a year or so and never saw this before so was a little wary

On Sun, Sep 17, 2017 at 3:00 AM, Yedidyah Bar David <didi@redhat.com> wrote:
> Most likely you have otopi-1.5.2, which does not have above bug fixed.
> You might consider upgrading to oVirt 4.1.