Bug 1473910 - fix_db_cache needs to run with admin permissions
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Infrastructure
Severity: medium
Assigned To: Daniel Lobato Garcia
Sebastian Gräßl
Reported: 2017-07-22 05:53 EDT by Marek Hulan
Modified: 2018-02-21 11:51 EST
Fixed In Version: foreman-1.15.2
Last Closed: 2018-02-21 11:51:07 EST
External Trackers
Foreman Issue Tracker 20104 (Last Updated: 2017-07-22 05:53 EDT)

Description Marek Hulan 2017-07-22 05:53:36 EDT
The rake task 'fix_db_cache' triggers CacheManager, and CacheManager tries to find roles, user groups, etc. without any permissions. This will cause it to fail with an error similar to https://gist.github.com/52da11cb368ec530bcf0247d3ee38855 .

Many of the actions called by CacheManager, like UsergroupMember.save, will have to find objects that need permissions to be viewed, hence CacheManager has to be called "as_admin".
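
A minimal model of the failure and the fix described above, added here as an illustration and not Foreman's code: CurrentUser, Role and rebuild_cache are hypothetical stand-ins, and the role data is constructed. It shows a permission-scoped lookup failing when a task runs with no user, and an "as_admin" block that elevates only for the task and always restores the previous user.

```ruby
# Constructed model of this bug; every name here is a hypothetical stand-in.
class PermissionError < StandardError; end

module CurrentUser
  # Thread-local, so elevation in one thread never leaks into another.
  def self.get
    Thread.current[:current_user]
  end

  # Run the block as a built-in admin, then restore the previous user
  # even if the block raises, so elevation cannot outlive the task.
  def self.as_admin
    previous = get
    Thread.current[:current_user] = { login: 'task_admin', admin: true }
    yield
  ensure
    Thread.current[:current_user] = previous
  end
end

class Role
  RECORDS = %w[Manager Viewer].freeze # constructed sample data

  # Lookups are permission-scoped: no user means no access at all.
  def self.authorized
    user = CurrentUser.get
    raise PermissionError, 'no current user set' if user.nil?
    raise PermissionError, "#{user[:login]} may not view roles" unless user[:admin]
    RECORDS
  end
end

# Stand-in for the cache rebuild: it has to read every role to recompute.
def rebuild_cache
  Role.authorized.map { |name| [name, name.length] }.to_h
end

# Before: the maintenance task runs with no user context and fails.
def task_without_admin
  rebuild_cache
rescue PermissionError => e
  "failed: #{e.message}"
end

# After: elevation is limited to the block that needs it.
def task_with_admin
  CurrentUser.as_admin { rebuild_cache }
end
```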
Comment 1 Marek Hulan 2017-07-22 05:53:41 EDT
Created from redmine issue http://projects.theforeman.org/issues/20104
Comment 2 Marek Hulan 2017-07-22 05:53:49 EDT
Upstream bug assigned to dlobatog@redhat.com
Comment 5 Zach Huntington-Meath 2017-08-09 15:30:05 EDT
I ran

foreman-rake fix_db_cache

The error mentioned before is not outputted. However there is a new warning: 

/opt/theforeman/tfm/root/usr/share/gems/gems/redhat_access-2.0.3/app/services/redhat_access/telemetry/look_ups.rb:171: warning: key :hosts is duplicated and overwritten on line 172

Sadly going to fail qa and put it back to assigned.
Comment 6 Daniel Lobato Garcia 2017-08-29 06:08:38 EDT

The warning has nothing to do with the fix_db_cache. In fact this warning happens when starting the Rails environment. 

Before this patch was in, the fix_db_cache completely *failed*, which caused people to not be able to upgrade to 1.15.2 (the installer stops if any task fails). 

Did the task stop after this warning (which comes from gem redhat_access by the way)?  If so, it's an issue we hadn't seen upstream and it's only downstream. If it didn't stop, but just outputted some warning, that's probably OK. 

Marek, feel free to correct me since you're the original reporter but I think my message is what is expected of this fix.
Comment 7 Marek Hulan 2017-08-29 07:41:43 EDT
I agree with Daniel. Moving back to ON_QA and removing FailedQA. Zach, did the task succeed? Also note that the warning comes from the redhat_access gem. If you want to open a bug for the warning, please open it in the Access Insights component, but I think it should not block this one.
Comment 8 Sebastian Gräßl 2017-08-30 06:13:48 EDT
Verified on Satellite 6.3 snap 13.

`foreman-rake fix_db_cache` succeeds as expected without raising the mentioned permission issues.
Comment 9 pm-sat@redhat.com 2018-02-21 11:51:07 EST
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
For information on the advisory, and where to find the updated files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2018:0336
