Description of problem: In case of the file '/var/lib/pgsql/data/postgresql.conf' had the owner/group permission changed or if the file '/var/lib/pgsql/data/postgresql.conf' is removed, the satellite-installer does not fix/recreate this file with the expected permission. When the PostgreSQL service is restarted the service fails with permission denied. Version-Release number of selected component (if applicable): Satellite 6.6 foreman-installer-1.22.0.17-1.el7sat.noarch How reproducible: Install a Satellite server and perform the following commands to reproduce the same issue. # chown root:root /var/lib/pgsql/data/postgresql.conf or # mv /var/lib/pgsql/data/postgresql.conf /root/ # satellite-installer -S satellite # ls -lht /var/lib/pgsql/data/postgresql.conf # systemctl restart postgresql Steps to Reproduce: 1. # chown root:root /var/lib/pgsql/data/postgresql.conf or # mv /var/lib/pgsql/data/postgresql.conf /root/ 2. # satellite-installer -S satellite 3. # ls -lht /var/lib/pgsql/data/postgresql.conf 4. # systemctl restart postgresql Actual results: The file '/var/lib/pgsql/data/postgresql.conf' is not reconfigured as expected for the postgresql service start. ]# ls -lht /var/lib/pgsql/data/postgresql.conf -rw-------. 1 root root 20K Mar 13 09:29 /var/lib/pgsql/data/postgresql.conf Expected results: The file '/var/lib/pgsql/data/postgresql.conf' be created/managed as expected for the postgresql service start ]# ls -lht /var/lib/pgsql/data/postgresql.conf -rw-------. 1 postgres postgres 20K Mar 13 09:29 /var/lib/pgsql/data/postgresql.conf Additional info: This Bug is affecting the satellite-clone process, as when the satellite-clone is re-run on a Cloned Satellite it will delete the file '/var/lib/pgsql/data/postgresql.conf' and the file is created by the satellite-installer with the wrong permission, causing a failure on the PostgreSQL server.
Hey guys, There is a patch that fixes this issue. Create a file with the following content. ~~~ diff --git a/modules/postgresql/manifests/server/config.pp b/modules/postgresql/manifests/server/config.pp index b5f42ff..814d1ba 100644 --- a/modules/postgresql/manifests/server/config.pp +++ b/modules/postgresql/manifests/server/config.pp @@ -23,6 +23,14 @@ class postgresql::server::config { $log_line_prefix = $postgresql::server::log_line_prefix $timezone = $postgresql::server::timezone + concat { $postgresql_conf_path: + owner => $user, + group => $group, + mode => '0640', + warn => true, + notify => Class['postgresql::server::reload'], + } + if ($manage_pg_hba_conf == true) { # Prepare the main pg_hba file concat { $pg_hba_conf_path: ~~~ Apply the patch with the following commands. ~~~ cd /usr/share/foreman-installer/ patch -p1 < /root/pgsql_owner.patch ~~~ regards rbertol
I opened https://github.com/puppetlabs/puppetlabs-postgresql/pull/1199 upstream. I didn't use the patch from #3. It shouldn't use a concat resource since that conflicts with the config_entry defined type. I also don't think it should refresh the service since the actual content of the file isn't managed. The permissions are either already correct and the server can start, or it can't and the chaining in server.pp should take care of it.
My PR to manage postgresql.conf has been merged and released in puppetlabs-postgresql 6.9.0. This particular release also had a regression when it came to upgrading that was only fixed in puppetlabs-postgresql 6.10.1. I should also note that 6.10.2 has another regression in some cases.
Verified on 6.10 Snap7 Verification Steps: 1- Check the current permission and size of /var/opt/rh/rh-postgresql12/lib/pgsql/postgresql.conf # ls -l postgresql.conf -rw-------. 1 postgres postgres 26981 Jun 30 10:43 postgresql.conf 2- Change the permission of /var/opt/rh/rh-postgresql12/lib/pgsql/postgresql.conf # chown root:root postgresql.conf #ls -l postgresql.conf -rw-------. 1 root root 26981 Jun 30 10:43 postgresql.conf 3- Run the installer [root@dhcp-2-185 ~]# satellite-installer -S satellite 2021-07-01 05:48:21 [NOTICE] [root] Loading installer configuration. This will take some time. ........... Candlepin orphaned consumers: [] Success! 4- Restart the "systemctl restart postgresql" services 5- Check the permission of postgresql.conf # ls -l postgresql.conf -rw-------. 1 postgres postgres 26981 Jun 30 10:43 postgresql.conf
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Satellite 6.10 Release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:4702