Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1456379 - katello-backup does not apply postgres group owner to the whole backup path
Summary: katello-backup does not apply postgres group owner to the whole backup path
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Backup & Restore
Version: 6.3.0
Hardware: All
OS: Linux
high
high
Target Milestone: Unspecified
Assignee: Christine Fouant
QA Contact: Peter Ondrejka
URL:
Whiteboard:
Depends On: 1432013 1497957
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-05-29 09:15 UTC by Peter Ondrejka
Modified: 2021-12-10 15:04 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1432013
Environment:
Last Closed: 2018-02-21 17:05:54 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 19453 0 None None None 2017-05-29 09:15:47 UTC

Comment 1 Satellite Program 2017-05-29 10:17:10 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/19453 has been resolved.
Comment 3 Peter Ondrejka 2017-08-16 13:23:52 UTC 
On Satellite 6.3 snap 11:

~]# katello-backup -y testdir --online-backup --skip-pulp-content
Starting backup: 2017-08-16 09:21:20 -0400
Creating backup folder testdir/katello-backup-20170816092122
Generating metadata ... 
/opt/theforeman/tfm/root/usr/share/gems/gems/redhat_access-2.0.3/app/services/redhat_access/telemetry/look_ups.rb:171: warning: key :hosts is duplicated and overwritten on line 172
Done.
Backing up config files... 
Failed 'tar --selinux --create --gzip --file=testdir/katello-backup-20170816092122/config_files.tar.gz --listed-incremental=testdir/katello-backup-20170816092122/.config.snar /etc/foreman-proxy /etc/httpd /etc/foreman-installer /etc/pki/katello /etc/pki/katello-certs-tools /etc/pki/pulp /etc/pulp /etc/puppet /etc/qpid /etc/qpid-dispatch /root/ssl-build /var/www/html/pub /etc/squid /etc/puppetlabs /opt/puppetlabs/puppet/cache/foreman_cache_data /opt/puppetlabs/puppet/ssl/ /var/lib/puppet/foreman_cache_data /var/lib/puppet/ssl /etc/candlepin /etc/foreman /etc/hammer /etc/sysconfig/tomcat* /etc/tomcat* /var/lib/candlepin 2>/dev/null' with exit code 141
Cleaning up backup folder and starting any stopped services... 
/usr/share/ruby/fileutils.rb:125: warning: conflicting chdir during another chdir block
Done.
Comment 4 Christine Fouant 2017-08-17 20:37:50 UTC 
(In reply to Peter Ondrejka from comment #3)
> On Satellite 6.3 snap 11:
> 
> ~]# katello-backup -y testdir --online-backup --skip-pulp-content
> Starting backup: 2017-08-16 09:21:20 -0400
> Creating backup folder testdir/katello-backup-20170816092122
> Generating metadata ... 
> /opt/theforeman/tfm/root/usr/share/gems/gems/redhat_access-2.0.3/app/
> services/redhat_access/telemetry/look_ups.rb:171: warning: key :hosts is
> duplicated and overwritten on line 172
> Done.
> Backing up config files... 
> Failed 'tar --selinux --create --gzip
> --file=testdir/katello-backup-20170816092122/config_files.tar.gz
> --listed-incremental=testdir/katello-backup-20170816092122/.config.snar
> /etc/foreman-proxy /etc/httpd /etc/foreman-installer /etc/pki/katello
> /etc/pki/katello-certs-tools /etc/pki/pulp /etc/pulp /etc/puppet /etc/qpid
> /etc/qpid-dispatch /root/ssl-build /var/www/html/pub /etc/squid
> /etc/puppetlabs /opt/puppetlabs/puppet/cache/foreman_cache_data
> /opt/puppetlabs/puppet/ssl/ /var/lib/puppet/foreman_cache_data
> /var/lib/puppet/ssl /etc/candlepin /etc/foreman /etc/hammer
> /etc/sysconfig/tomcat* /etc/tomcat* /var/lib/candlepin 2>/dev/null' with
> exit code 141
> Cleaning up backup folder and starting any stopped services... 
> /usr/share/ruby/fileutils.rb:125: warning: conflicting chdir during another
> chdir block
> Done.

I believe you are calling this from a directory from which postgres doesn't have access to write. The docs state that backups must occur in either /tmp or /var/tmp
Comment 6 Peter Ondrejka 2017-08-21 08:24:34 UTC 
Related bz: https://bugzilla.redhat.com/show_bug.cgi?id=1483033
Comment 8 Peter Ondrejka 2017-08-25 08:41:25 UTC 
Thanks Christine for clearing it up. Confirmed postgres can write dump files to designated directories in 6.3 snap 12. 

After successful online backup:
~]# ls -la /var/tmp/
drwxrwx---.  3 root postgres  195 Aug 25 04:36 katello-backup-20170825043623

~]# ls -la /var/tmp/katello-backup-20170825043623/
total 359988
drwxrwx---. 3 root     postgres       195 Aug 25 04:36 .
drwxrwx---. 8 root     postgres      4096 Aug 25 04:37 ..
-rw-r--r--. 1 postgres postgres    220573 Aug 25 04:36 candlepin.dump
-rw-r--r--. 1 root     root       1266466 Aug 25 04:36 config_files.tar.gz
-rw-r--r--. 1 root     root         37162 Aug 25 04:36 .config.snar
-rw-r--r--. 1 postgres postgres    847494 Aug 25 04:36 foreman.dump
-rw-r--r--. 1 root     root         51286 Aug 25 04:36 metadata.yml
drwxr-xr-x. 5 root     root            52 Aug 25 04:36 mongo_dump
-rw-r--r--. 1 postgres postgres       650 Aug 25 04:36 pg_globals.dump
-rw-r--r--. 1 root     root     366049280 Aug 25 04:36 pulp_data.tar
-rw-r--r--. 1 root     root        133002 Aug 25 04:36 .pulp.snar
Comment 9 Peter Ondrejka 2017-09-21 12:32:23 UTC 
Moving back to assigned, after testing in satellite-6.3.0-18.0.beta.el7sat.noarch, katello-backup changes access rights of /tmp and /var/tmp and prevents other application from writing to it:

~]# ls -ld /tmp/
drwxrwx---. 17 root postgres 4096 Sep 21 08:12 /tmp

In 6.2.12 k-b leaves the permissions untouched:
]# ls -ld /tmp/
drwxrwxrwt. 8 root root 4096 Sep 21 08:23 /tmp/
Comment 11 Christine Fouant 2017-10-03 14:28:16 UTC 
@(In reply to Peter Ondrejka from comment #9)
> Moving back to assigned, after testing in
> satellite-6.3.0-18.0.beta.el7sat.noarch, katello-backup changes access
> rights of /tmp and /var/tmp and prevents other application from writing to
> it:
> 
> ~]# ls -ld /tmp/
> drwxrwx---. 17 root postgres 4096 Sep 21 08:12 /tmp
> 
> In 6.2.12 k-b leaves the permissions untouched:
> ]# ls -ld /tmp/
> drwxrwxrwt. 8 root root 4096 Sep 21 08:23 /tmp/

This is failing because of a new change which installs foreman-proxy-content package on Satellites. If you would like to work around this issue, please set @is_foreman_proxy_content to false.
Comment 12 Peter Ondrejka 2017-10-24 12:01:19 UTC 
Verifed on satellite-6.3.0-21.0.beta.el7sat.noarch
Comment 13 Bryan Kearney 2018-02-21 17:05:54 UTC 
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336
Note You need to log in before you can comment on or make changes to this bug.