Document URL: https://access.redhat.com/documentation/en/red-hat-cloudforms/4.2/single/deployment-planning-guide/ Section Number and Name: 3.3: Data Collection for Red Hat Enterprise Virtualization Describe the issue: What should be expected output of below command? ~~~ SELECT 'GRANT SELECT ON ' || relname || ' TO cfme;' FROM pg_class JOIN pg_namespace ON pg_namespace.oid = pg_class.relnamespace WHERE nspname = 'public' AND relkind IN ('r', 'v', 'S'); ~~~ Description says "grant read-only access to tables and views: " Suggestions for improvement: n/a Additional information: I got zero records found
Suyog, BZ#1334742 is unrelated to this bug. My question was if a user executes query ~~~ SELECT 'GRANT SELECT ON ' || relname || ' TO cfme;' FROM pg_class JOIN pg_namespace ON pg_namespace.oid = pg_class.relnamespace WHERE nspname = 'public' AND relkind IN ('r', 'v', 'S'); ~~~ which according to documentation enables read-only access to user 'cfme'. When I executed the query, it replied with "0 records found". What I doubt is the command did not worked. If the command worked(cfme was granted r/o access) it should have replied with something like "1 record was modified". Does it makes sense? My assumption may be wrong. -- Sachin
The SQL command above and in the documentation (CloudForms 4.2 and prior) only outputs a series of subsequent SQL commands that would need to be executed to actually grant access for cfme user to the ovirt_engine_history DB tables. This method may be for older versions of postgresql. In my environment (CFME 5.7.2.1 and RHVM 4.1.1) the following commands gave read (SELECT) access to cfme user and metrics began to appear shortly after: [root@vrhvm-demolab ~]# su - postgres Last login: Fri May 19 14:35:50 EDT 2017 on pts/0 -bash-4.2$ psql -d ovirt_engine_history -c "grant usage on schema public to cfme;" GRANT -bash-4.2$ psql -d ovirt_engine_history -c "grant select on all tables in schema public to cfme;" GRANT This worked on two separate RHVM providers reporting to a single CFME.
Same result as in RHV-M 4.1 documentation (that I just found): https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html/data_warehouse_guide/allowing_read_only_access_to_the_history_database
This is simple the PL\SQL reply for the scripts. It gives no printed output. This doesn't mean it won't work. It does the job.
I agree. But it did not altered any records("0 record found") which I assumed made no changes in the DB.
We have verified #comment 5 in our rhevm environment and it works as expected. but confusion here is the SQL query altered the DB? SELECT 'GRANT SELECT ON ' || relname || ' TO cfme;' FROM pg_class JOIN pg_namespace ON pg_namespace.oid = pg_class.relnamespace WHERE nspname = 'public' AND relkind IN ('r', 'v', 'S');
As Deepak verified command in comment#5 worked. My question being the SQL query ~~~ SELECT 'GRANT SELECT ON ' || relname || ' TO cfme;' FROM pg_class JOIN pg_namespace ON pg_namespace.oid = pg_class.relnamespace WHERE nspname = 'public' AND relkind IN ('r', 'v', 'S'); ~~~ is expected to give o/p as "0 records found"? in that case I guess above query did not actually grant r/o permissions.
The output of... ovirt_engine_history=# SELECT 'GRANT SELECT ON ' || relname || ' TO cfme;' FROM pg_class JOIN pg_namespace ON pg_namespace.oid = pg_class.relnamespace WHERE nspname = 'public' AND relkind IN ('r', 'v', 'S'); ...produces SQL statements that need to be run as a script. It does not in fact GRANT access to the cfme user. Additional steps are required to grant access. I suggest that the CloudForms Deployment Planning Guide documentation be aligned to and reference the RHV documentation, specifically section 2.6 of the RHV Data Warehouse Guide: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html-single/data_warehouse_guide/#Allowing_Read_Only_Access_to_the_History_Database
Linking to BZ#1606935, which requests changes to the same section.