Bug 1334742 - [Docs] [RFE] To remove the required SUPERUSER privileges on the postgres RHEV-M database to CFME to collect capacity and utilization data from RHEV providers
Summary: [Docs] [RFE] To remove the required SUPERUSER privileges on the postgres RHEV...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Documentation
Version: 5.6.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: GA
: 5.7.0
Assignee: Suyog Sainkar
QA Contact: Dayle Parker
URL:
Whiteboard: c&u:rhev
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-05-10 12:40 UTC by Andre Motta
Modified: 2019-12-16 05:45 UTC (History)
14 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-02-05 23:55:03 UTC
Category: ---
Cloudforms Team: Unknown
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Andre Motta 2016-05-10 12:40:49 UTC 
Description of problem:

The user configured on the Infrastructure provider RHEV has to have SUPERUSER privileges set on the RHEV postgres database. From the documentation the example provided to create the user for C & U:

postgres=# CREATE ROLE cfme LOGIN UNENCRYPTED PASSWORD 'smartvm' SUPERUSER VALID UNTIL 'infinity';

Version-Release number of selected component (if applicable):


How reproducible:
Creating a user without SUPERUSER privileges won't allow C & U data to be collected.

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Yaniv Lavi 2016-06-19 13:30:56 UTC 
This not the proper way to collect C&U. I would expect the admin to create a non superuser for CFME by running:

create role xxx with login encrypted password 'password';

And grant read only access to tables and views:

SELECT 'GRANT SELECT ON ' || relname || ' TO xxx;'
FROM pg_class JOIN pg_namespace ON pg_namespace.oid = pg_class.relnamespace
WHERE nspname = 'public' AND relkind IN ('r', 'v', 'S');

I suggest closing this bug.
Comment 3 Christian Jung 2016-06-20 08:19:52 UTC 
HiHo,
the official documentation suggests that the user has to be superuser:
https://access.redhat.com/documentation/en-US/Red_Hat_CloudForms/3.2/html-single/Insight_Guide/index.html#Notes_on_Capacity_and_Utilization_Collection_for_RHEVM_3.1

Are you saying, it's actually a documentation bug?

Regards,
Christian
Comment 4 Yaniv Lavi 2016-06-26 13:55:45 UTC 
(In reply to Christian Jung from comment #3)
> HiHo,
> the official documentation suggests that the user has to be superuser:
> https://access.redhat.com/documentation/en-US/Red_Hat_CloudForms/3.2/html-
> single/Insight_Guide/index.
> html#Notes_on_Capacity_and_Utilization_Collection_for_RHEVM_3.1
> 
> Are you saying, it's actually a documentation bug?
> 
> Regards,
> Christian

Yes, I see no reason for CFME to need to be able to write to the DWH database.
Comment 5 Christian Jung 2016-06-27 00:12:21 UTC 
Can you update/reassign this bug if necessary?
Comment 6 Yaniv Lavi 2016-06-28 09:10:49 UTC 
I'm from the RHEV team, so don't know the process.
Andrew, can you help with this?
Comment 7 Andrew Dahms 2016-06-29 02:17:39 UTC 
Hi Yaniv,

From the looks of it, this is a documentation bug for at least the 3.2 version of the CFME documentation.

My suggestion is that we move this over to CFME under the 'Documentation' component and take care of it there.

Would this be alright?

Kind regards,

Andrew
Comment 8 Yaniv Lavi 2016-06-29 10:35:57 UTC 
Sounds good, done.
Comment 9 Andrew Dahms 2016-06-30 02:09:25 UTC 
Hi Yaniv,

Thanks for moving this over - received!

Kind regards,

Andrew
Comment 13 Andrew Dahms 2016-11-22 04:28:21 UTC 
Assigning to Suyog for review.
Note You need to log in before you can comment on or make changes to this bug.