Bug 1116040 - pulp-admin node sync command can only be called by root
Summary: pulp-admin node sync command can only be called by root
Alias: None
Product: Pulp
Classification: Retired
Component: user-experience
Version: 2.4 Beta
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 2.6.0
Assignee: Jeff Ortel
QA Contact: Irina Gulina
Depends On:
TreeView+ depends on / blocked
Reported: 2014-07-03 14:25 UTC by Jeff Ortel
Modified: 2015-02-28 22:12 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-02-28 22:12:17 UTC

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Pulp Redmine 467 0 None None None Never

Description Jeff Ortel 2014-07-03 14:25:56 UTC
Description of problem:

pulp-admin node sync command can only be called by root because the command imports a constant from a module that reads /etc/pulp/server.conf.  Running as non-root user raises permission-denied.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.  Run pulp-admin node sync ...

Actual results:

permission denied reading /etc/pulp/server.conf.

Expected results:

No errors.

Additional info:

Comment 1 Jeff Ortel 2014-07-03 14:26:55 UTC
The easiest fix for this is to move PRIMARY_ID to constants.py and have all modules import from there.

Comment 2 Michael Hrivnak 2014-07-03 18:27:27 UTC
The best fix is for the offending module to not read a config file at import time, but that is likely a longer-term fix.

Comment 3 Randy Barlow 2014-07-21 20:03:35 UTC
I think there's something else really important to note here: pulp-admin can't be assumed to have an /etc/pulp/server.conf on the machine it is running on. Remember that pulp-admin connects over the REST API, so it's not necessarily on a machine that has pulp-server installed. Also, even if it does have a server.conf, that's no guarantee that it's the same server.conf for the server that pulp-admin is connecting to.

Comment 4 Jeff Ortel 2014-09-22 21:11:30 UTC
Two things need to happen here:
1. PRIMARY_ID to constants.py as suggested in #1.
2. Fix server/config.py

Number 2 should be a separate BZ.

Comment 5 Jeff Ortel 2014-11-04 16:04:48 UTC
Bug opened against server/config.py https://bugzilla.redhat.com/show_bug.cgi?id=1160369.

Comment 6 Chris Duryee 2014-11-04 18:11:20 UTC
The fix for issue #1 in comment 4 is merged to 2.5-dev and master. Marking BZ as MODIFIED since issue #2 has its own BZ now.

Comment 7 Chris Duryee 2014-12-23 20:52:54 UTC
fixed in pulp 2.6.0-0.2.beta

Comment 8 Irina Gulina 2015-01-12 14:02:03 UTC
On parent:

>> rpm -qa pulp-server

>> [ec2-user@host ~]$ pulp-admin rpm repo create --repo-id gatto --feed https://repos.fedorapeople.org/repos/pulp/pulp/demo_repos/zoo/cat-1.0-1.noarch.rpm
Successfully created repository [gatto]

>> [ec2-user@host ~]$ pulp-admin node repo enable --repo-id gatto
Repository enabled.

Note: Repository [ gatto ] will not be available for node synchronization until published.  See: the 'node repo publish' command.

Warning: enabling with auto-publish may degrade repository synchronization

>> [ec2-user@host ~]$ pulp-admin node repo publish --repo-id gatto
This command may be exited via ctrl+c without affecting the request.


Publish succeeded.

>> [ec2-user@host ~]$ pulp-admin node bind --node-id zoo --repo-id gatto
Node bind succeeded.

Note: Repository [ gatto ] will be included in node synchronization.

>>[ec2-user@host ~]$ pulp-admin node sync run --node-id zoo
This command may be exited via ctrl+c without affecting the request.

(1/2) Repository: gatto
[==================================================] 100%

Synchronization succeeded

                           Child Node Synchronization
Action:          Added
Content Sources:
Total Sources: 0
Id:              gatto
Added:   0
Removed: 0
Updated: 0

On child:
>> find /var/lib/pulp/ -name "*.rpm"

Comment 9 Brian Bouterse 2015-02-28 22:12:17 UTC
Moved to https://pulp.plan.io/issues/467

Note You need to log in before you can comment on or make changes to this bug.