Red Hat Bugzilla – Bug 1473910
fix_db_cache needs to run with admin permissions
Last modified: 2018-02-21 11:51:07 EST
The rake task 'fix_db_cache' triggers CacheManager, and CacheManager tries to find roles, user groups, etc.. without any permissions. This will cause it to fail with an error similar to https://gist.github.com/52da11cb368ec530bcf0247d3ee38855 .
Many of the actions called by CacheManager, like UsergroupMember.save will have to find objects that needs permissions to be viewed, hence CacheManager has to be called "as_admin".
Created from redmine issue http://projects.theforeman.org/issues/20104
Upstream bug assigned to email@example.com
The error mentioned before is not outputted. However there is a new warning:
/opt/theforeman/tfm/root/usr/share/gems/gems/redhat_access-2.0.3/app/services/redhat_access/telemetry/look_ups.rb:171: warning: key :hosts is duplicated and overwritten on line 172
Sadly going to fail qa and put it back to assigned.
The warning has nothing to do with the fix_db_cache. In fact this warning happens when starting the Rails environment.
Before this patch was in, the fix_db_cache completely *failed*, which caused people to not be able to upgrade to 1.15.2 (the installer stops if any task fails).
Did the task stop after this warning (which comes from gem redhat_access by the way)? If so, it's an issue we hadn't seen upstream and it's only downstream. If it didn't stop, but just outputted some warning, that's probably OK.
Marek, feel free to correct me since you're the original reporter but I think my message is what is expected of this fix.
I agree with Daniel. Moving back to ON_QA and removing FailedQA, Zach did the task succeed? Also note that the warning comes from redhat_access gem. If you want to open a bug for the warning, please open it in Access Insights component but I think it should not block this one.
Verified on Satellite 6.3 snap 13.
`foreman-rake fix_db_cache` succeeds as expected without raising the mentioned permission issues.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> For information on the advisory, and where to find the updated files, follow the link below.
> If the solution does not work for you, open a new bug report.