Bug 1475252 - [RFE] Document the minimal permissions required to run bootstrap.py
Status: CLOSED NEXTRELEASE
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Docs Managing Hosts
Unspecified
Unspecified Unspecified
medium Severity medium
: Beta
: 6.X
Assigned To: Charles Wood
Russell Dickenson
: FutureFeature
Reported: 2017-07-26 05:45 EDT by Rich Jerrido
Modified: 2018-01-14 20:16 EST
Doc Type: Enhancement
Last Closed: 2017-08-17 06:04:15 EDT
Type: Bug
Description Rich Jerrido 2017-07-26 05:45:47 EDT
In the host-configuration guide (section 10.5), please add a section on the minimum permissions required to run the bootstrap script. Upstream docs here (https://github.com/Katello/katello-client-bootstrap/blob/master/README.md) in the 'Permissions' section. 


Additionally, to create a role for a user with the minimal permissions to run bootstrap.py, a user can use hammer to generate this:


ROLE='Bootstrap_User'
hammer role create --name "$ROLE"
hammer filter create --role "$ROLE" --permissions view_organizations
hammer filter create --role "$ROLE" --permissions view_locations
hammer filter create --role "$ROLE" --permissions view_domains
hammer filter create --role "$ROLE" --permissions view_hostgroups
hammer filter create --role "$ROLE" --permissions view_hosts
hammer filter create --role "$ROLE" --permissions view_architectures
hammer filter create --role "$ROLE" --permissions view_ptables
hammer filter create --role "$ROLE" --permissions view_operatingsystems
hammer filter create --role "$ROLE" --permissions create_hosts
Comment 1 Andrew Dahms 2017-08-01 21:26:22 EDT
Assigning to Charles for review.
Comment 12 Charles Wood 2017-08-17 06:04:15 EDT
The content has now been committed to 6.3 master branch ready for the next release.
Comment 13 Vincent S. Cojot 2017-10-11 11:10:45 EDT
On 6.2.12, here's what I had to add to create a role for a 'readonly' and 'registration only' user:

[root@sat6 ~]# hammer  role filters --id 22
----|-------------------------|--------|------------|----------------|---------------------------------------------------------------------------------
ID  | RESOURCE TYPE           | SEARCH | UNLIMITED? | ROLE           | PERMISSIONS
----|-------------------------|--------|------------|----------------|---------------------------------------------------------------------------------
171 | Hostgroup               | none   | yes        | Register Hosts | view_hostgroups
173 | Katello::ActivationKey  | none   | yes        | Register Hosts | view_activation_keys
174 | Katello::System         | none   | yes        | Register Hosts | view_content_hosts, create_content_hosts, edit_content_hosts, destroy_content...
175 | Katello::ContentView    | none   | yes        | Register Hosts | view_content_views
176 | Katello::GpgKey         | none   | yes        | Register Hosts | view_gpg_keys
177 | Katello::Subscription   | none   | yes        | Register Hosts | view_subscriptions, attach_subscriptions
178 | Host                    | none   | yes        | Register Hosts | view_hosts
179 | Katello::HostCollection | none   | yes        | Register Hosts | view_host_collections
180 | Organization            | none   | yes        | Register Hosts | view_organizations
182 | Katello::KTEnvironment  | none   | yes        | Register Hosts | view_lifecycle_environments
183 | Katello::Product        | none   | yes        | Register Hosts | view_products
184 | Location                | none   | yes        | Register Hosts | view_locations
185 | Domain                  | none   | yes        | Register Hosts | view_domains
186 | Architecture            | none   | yes        | Register Hosts | view_architectures
187 | Operatingsystem         | none   | yes        | Register Hosts | view_operatingsystems
----|-------------------------|--------|------------|----------------|------------------------------------------------------------------------
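
Added example, not part of the bug report or its comments: a least-privilege check that parses `hammer role filters` table output and diffs the granted permissions against the list from the description, so extra or non-view grants can be reviewed. The sample table and the role name Example_Role are constructed; treating the description's list as the baseline is an assumption of this example.

```python
# Added example (not from the bug report): audit `hammer role filters` output
# against a least-privilege baseline.
BASELINE = {  # permission list from the bug description
    "view_organizations", "view_locations", "view_domains", "view_hostgroups",
    "view_hosts", "view_architectures", "view_ptables",
    "view_operatingsystems", "create_hosts",
}

# Constructed sample in the layout of the table in Comment 13 (role name is made up).
SAMPLE = """\
---|-----------------------|--------|------------|--------------|------------------------
ID | RESOURCE TYPE         | SEARCH | UNLIMITED? | ROLE         | PERMISSIONS
---|-----------------------|--------|------------|--------------|------------------------
1  | Organization          | none   | yes        | Example_Role | view_organizations
2  | Host                  | none   | yes        | Example_Role | view_hosts, create_hosts
3  | Katello::Subscription | none   | yes        | Example_Role | view_subscriptions, attach_subscriptions
4  | Katello::System       | none   | yes        | Example_Role | view_content_hosts, edit_content_hosts, destroy_content...
"""


def parse_filters(text):
    """Parse the table into one dict per filter row."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 6 or not cells[0].isdigit():
            continue  # separator, header or blank line
        perms = [p.strip() for p in cells[5].split(",") if p.strip()]
        # A cell cut off with "..." (as in Comment 13) ends in an unusable partial name.
        truncated = bool(perms) and perms[-1].endswith("...")
        if truncated:
            perms.pop()
        rows.append({"id": int(cells[0]), "resource": cells[1],
                     "unlimited": cells[3] == "yes",
                     "perms": perms, "truncated": truncated})
    return rows


def audit(rows, baseline=BASELINE):
    """Diff granted permissions against the baseline for review."""
    granted = {p for r in rows for p in r["perms"]}
    return {
        "extra": sorted(granted - baseline),
        "missing": sorted(baseline - granted),
        "non_view": sorted(p for p in granted if not p.startswith("view_")),
        "truncated_filters": [r["id"] for r in rows if r["truncated"]],
    }


if __name__ == "__main__":
    for key, value in audit(parse_filters(SAMPLE)).items():
        print(f"{key}: {value}")
```

Filters listed under truncated_filters had their permission cell cut short, so their full permission list has to be checked separately before the role is signed off.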
Comment 14 Vincent S. Cojot 2017-10-11 11:16:48 EDT
Here's how I invoked bootstrap (if that matters):
bootstrap.py -l register -p password -s ${SAT_HOSTNAME} -o ${SAT_ORGANIZATION} -a ${ACTIVATION_KEY} -L ${SAT_LOCATION} -g ${SAT_HOSTGROUP} -O ${SAT_OS_NAME} --enablerepos=* --skip-puppet --force
Comment 15 Andrew Dahms 2017-12-10 20:50:14 EST
Updating the target milestone to reflect the time frame in which this work was completed.
Comment 16 Andrew Dahms 2018-01-14 20:16:49 EST
Updating the component and doc type.
