Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1849110

Summary: Red Hat Satellite upgrade to 6.6 fails if duplicate permissions are present in foreman database
Product: Red Hat Satellite Reporter: Sayan Das <saydas>
Component: Satellite MaintainAssignee: Anurag Patel <apatel>
Status: CLOSED WONTFIX QA Contact: Jameer Pathan <jpathan>
Severity: high Docs Contact:
Priority: high    
Version: 6.6.0CC: ahumbe, amarirom, apatel, aupadhye, bbuckingham, bkearney, egolov, gtalreja, jjeffers, jpasqual, kgaikwad, ktordeur, sperezto, zhunting
Target Milestone: 6.7.5Keywords: PrioBumpGSS, Triaged, Upgrades, UserExperience
Target Release: Unused   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: rubygem-foreman_maintain-0.5.6 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1884024 (view as bug list) Environment:
Last Closed: 2021-09-07 19:05:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sayan Das 2020-06-19 16:14:21 UTC 
Description of problem:

Red Hat Satellite upgrade to 6.6 fails with the following errors if duplicate permissions are present in the foreman database.

~~~
satellite.log:

[ERROR 2020-01-29T20:50:09 main]  /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[satellite.example.com]: Could not evaluate: Proxy satellite.example.com cannot be retrieved: unknown error (response 500)
[ERROR 2020-01-29T20:50:09 main] /usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:7:in `proxy'
[ERROR 2020-01-29T20:50:09 main] /usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:13:in `id'


production.log:

2020-01-29T20:50:09 [W|app|] Could not create role 'Ansible Roles Manager': ERF73-0602 [Foreman::PermissionMissingException]: some permissions were not found:

2020-01-29T20:50:09 [E|app|] Cannot continue because some permissions were not found, please run rake db:seed and retry
2020-01-29T20:50:24 [W|app|] Could not create role 'Ansible Roles Manager': ERF73-0602 [Foreman::PermissionMissingException]: some permissions were not found: ["view_ansible_variables", "edit_ansible_variables", "destroy_ansible_variables", "create_ansible_variables", "import_ansible_variables", :view_ansible_variables, :create_ansible_variables, :import_ansible_variables, :edit_ansible_variables, :destroy_ansible_variables]
2020-01-29T20:50:24 [E|app|] Cannot continue because some permissions were not found, please run rake db:seed and retry



foreman-rake console
irb(main):036:0> Permission.pluck(:id,:name)
..
..
[309, "edit_settings"], [310, "cockpit_hosts"], [311, "view_ansible_variables"], [312, "edit_ansible_variables"], [313, "edit_ansible_variables"], [314, "destroy_ansible_variables"], [315, "create_ansible_variables"], [316, "import_ansible_variables"]]

         --> From 311 to 316, there were six permissions listed among which "edit_ansible_variables" was duplicate.
~~~

As soon as we manually delete the permission with id 313 and re-execute the satellite-installer, the upgrade will be completed successfully.


Version-Release number of selected component (if applicable):
Satellite 6.5 > 6.6 upgrade


How reproducible:

In customer environments 



Additional Info or Request:

The request here is to include a check\fix for duplicate permissions in foreman-maintain itself which can be detected during execution of "foreman-maintain upgrade check" or "satellite-maintain upgrade check" to avoid any manual troubleshooting.
Comment 2 Anand Agrawal 2020-06-19 17:29:55 UTC 
*** Bug 1849111 has been marked as a duplicate of this bug. ***
Comment 6 Suraj Patil 2020-07-30 08:44:00 UTC 
Created redmine issue https://projects.theforeman.org/issues/30527 from this bug
Comment 7 Bryan Kearney 2020-09-04 20:03:37 UTC 
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/30527 has been resolved.
Comment 10 Jameer Pathan 2020-10-15 08:09:56 UTC 
Verified:

Verified with:
- Satellite 6.7.5 snap 1
- rubygem-foreman_maintain-0.5.6-1.el7sat.noarch

Test steps:
- Created duplicate permissions.
- Create a role. 
- Create filters and add duplicate permissions to them.
- Run pre-upgrade check "foreman-maintain health check --label duplicate_permissions"

Observation:
- foreman-maintain check duplicate_permissions deleted duplicate permissions.
- duplicate_permissions is added to pre-upgrade checks list.


[root@dell-r430-20 ~]#  foreman-maintain health check --label duplicate_permissions
Running ForemanMaintain::Scenario::FilteredScenario
================================================================================
Check for duplicate permissions from database:                        [FAIL]
Duplicate permissions in your database
--------------------------------------------------------------------------------
Continue with step [Remove duplicate permissions from database]?, [y(yes), n(no), q(quit)] y
Remove duplicate permissions from database:                           [OK]      
--------------------------------------------------------------------------------
Rerunning the check after fix procedure
Check for duplicate permissions from database:                        [OK]
--------------------------------------------------------------------------------

[root@dell-r430-20 ~]#  foreman-maintain health check --label duplicate_permissions
Running ForemanMaintain::Scenario::FilteredScenario
================================================================================
Check for duplicate permissions from database:                        [OK]
--------------------------------------------------------------------------------
Comment 16 James Jeffers 2021-09-07 19:05:02 UTC 
Closing this as the issue was cloned and addressed in 6.8.