Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1475252 - [RFE] Document the minimal permissions required to run bootstrap.py
Summary: [RFE] Document the minimal permissions required to run bootstrap.py
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Docs Managing Hosts
Version: Unspecified
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: Unspecified
Assignee: Charles Wood
QA Contact: Russell Dickenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-07-26 09:45 UTC by Rich Jerrido
Modified: 2020-12-14 09:15 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-17 10:04:15 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Rich Jerrido 2017-07-26 09:45:47 UTC
In the host-configuration guide (section 10.5), please add a section on the minimum permissions required to run the bootstrap script. Upstream docs here (https://github.com/Katello/katello-client-bootstrap/blob/master/README.md) in the 'Permissions' section. 


Additionally to create a role for a user with the minimal permissions to run bootstrap.py a user can use hammer to generate this: 


ROLE='Bootstrap_User'
hammer role create --name "$ROLE"
hammer filter create --role "$ROLE" --permissions view_organizations
hammer filter create --role "$ROLE" --permissions view_locations
hammer filter create --role "$ROLE" --permissions view_domains
hammer filter create --role "$ROLE" --permissions view_hostgroups
hammer filter create --role "$ROLE" --permissions view_hosts
hammer filter create --role "$ROLE" --permissions view_architectures
hammer filter create --role "$ROLE" --permissions view_ptables
hammer filter create --role "$ROLE" --permissions view_operatingsystems
hammer filter create --role "$ROLE" --permissions create_hosts

Comment 1 Andrew Dahms 2017-08-02 01:26:22 UTC
Assigning to Charles for review.

Comment 12 Charles Wood 2017-08-17 10:04:15 UTC
The content has now been committed to 6.3 master branch ready for the next release.

Comment 13 Vincent S. Cojot 2017-10-11 15:10:45 UTC
On 6.2.12, here's what I had to add to create a role for a 'readonly' and 'registration only' user:

[root@sat6 ~]# hammer  role filters --id 22
----|-------------------------|--------|------------|----------------|---------------------------------------------------------------------------------
ID  | RESOURCE TYPE           | SEARCH | UNLIMITED? | ROLE           | PERMISSIONS
----|-------------------------|--------|------------|----------------|---------------------------------------------------------------------------------
171 | Hostgroup               | none   | yes        | Register Hosts | view_hostgroups
173 | Katello::ActivationKey  | none   | yes        | Register Hosts | view_activation_keys
174 | Katello::System         | none   | yes        | Register Hosts | view_content_hosts, create_content_hosts, edit_content_hosts, destroy_content...
175 | Katello::ContentView    | none   | yes        | Register Hosts | view_content_views
176 | Katello::GpgKey         | none   | yes        | Register Hosts | view_gpg_keys
177 | Katello::Subscription   | none   | yes        | Register Hosts | view_subscriptions, attach_subscriptions
178 | Host                    | none   | yes        | Register Hosts | view_hosts
179 | Katello::HostCollection | none   | yes        | Register Hosts | view_host_collections
180 | Organization            | none   | yes        | Register Hosts | view_organizations
182 | Katello::KTEnvironment  | none   | yes        | Register Hosts | view_lifecycle_environments
183 | Katello::Product        | none   | yes        | Register Hosts | view_products
184 | Location                | none   | yes        | Register Hosts | view_locations
185 | Domain                  | none   | yes        | Register Hosts | view_domains
186 | Architecture            | none   | yes        | Register Hosts | view_architectures
187 | Operatingsystem         | none   | yes        | Register Hosts | view_operatingsystems
----|-------------------------|--------|------------|----------------|------------------------------------------------------------------------

Comment 14 Vincent S. Cojot 2017-10-11 15:16:48 UTC
Here's how I involed bootstrap (if that matters):
bootstrap.py -l register -p password -s ${SAT_HOSTNAME} -o ${SAT_ORGANIZATION} -a ${ACTIVATION_KEY} -L ${SAT_LOCATION} -g ${SAT_HOSTGROUP} -O ${SAT_OS_NAME} --enablerepos=* --skip-puppet --force

Comment 15 Andrew Dahms 2017-12-11 01:50:14 UTC
Updating the target milestone to reflect the time frame in which this work was completed.

Comment 16 Andrew Dahms 2018-01-15 01:16:49 UTC
Updating the component and doc type.


Note You need to log in before you can comment on or make changes to this bug.