Bug 1473910

Summary:	fix_db_cache needs to run with admin permissions
Product:	Red Hat Satellite	Reporter:	Marek Hulan <mhulan>
Component:	Infrastructure	Assignee:	Daniel Lobato Garcia <dlobatog>
Status:	CLOSED ERRATA	QA Contact:	Sebastian Gräßl <sgraessl>
Severity:	medium	Docs Contact:
Priority:	medium
Version:	6.3.0	CC:	bbuckingham, dlobatog, jcallaha, sgraessl, zhunting
Target Milestone:	Unspecified	Keywords:	Triaged
Target Release:	Unused
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	foreman-1.15.2	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2018-02-21 16:51:07 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Marek Hulan 2017-07-22 09:53:36 UTC

The rake task 'fix_db_cache' triggers CacheManager, and CacheManager tries to find roles, user groups, etc.. without any permissions. This will cause it to fail with an error similar to https://gist.github.com/52da11cb368ec530bcf0247d3ee38855 .

Many of the actions called by CacheManager, like UsergroupMember.save will have to find objects that needs permissions to be viewed, hence CacheManager has to be called "as_admin".

Comment 1 Marek Hulan 2017-07-22 09:53:41 UTC

Created from redmine issue http://projects.theforeman.org/issues/20104

Comment 2 Marek Hulan 2017-07-22 09:53:49 UTC

Upstream bug assigned to dlobatog

Comment 5 Zach Huntington-Meath 2017-08-09 19:30:05 UTC

I ran

foreman-rake fix_db_cache

The error mentioned before is not outputted. However there is a new warning: 

/opt/theforeman/tfm/root/usr/share/gems/gems/redhat_access-2.0.3/app/services/redhat_access/telemetry/look_ups.rb:171: warning: key :hosts is duplicated and overwritten on line 172

Sadly going to fail qa and put it back to assigned.

Comment 6 Daniel Lobato Garcia 2017-08-29 10:08:38 UTC

Zach, 

The warning has nothing to do with the fix_db_cache. In fact this warning happens when starting the Rails environment. 

Before this patch was in, the fix_db_cache completely *failed*, which caused people to not be able to upgrade to 1.15.2 (the installer stops if any task fails). 

Did the task stop after this warning (which comes from gem redhat_access by the way)?  If so, it's an issue we hadn't seen upstream and it's only downstream. If it didn't stop, but just outputted some warning, that's probably OK. 

Marek, feel free to correct me since you're the original reporter but I think my message is what is expected of this fix.

Comment 7 Marek Hulan 2017-08-29 11:41:43 UTC

I agree with Daniel. Moving back to ON_QA and removing FailedQA, Zach did the task succeed? Also note that the warning comes from redhat_access gem. If you want to open a bug for the warning, please open it in Access Insights component but I think it should not block this one.

Comment 8 Sebastian Gräßl 2017-08-30 10:13:48 UTC

Verified on Satellite 6.3 snap 13.

`foreman-rake fix_db_cache` succeeds as expected without raising the mentioned permission issues.

Comment 9 Satellite Program 2018-02-21 16:51:07 UTC

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> 
> For information on the advisory, and where to find the updated files, follow the link below.
> 
> If the solution does not work for you, open a new bug report.
> 
> https://access.redhat.com/errata/RHSA-2018:0336