1849110 – Red Hat Satellite upgrade to 6.6 fails if duplicate permissions are present in foreman database

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1849110 - Red Hat Satellite upgrade to 6.6 fails if duplicate permissions are present in foreman database

Summary: Red Hat Satellite upgrade to 6.6 fails if duplicate permissions are present i...

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Satellite Maintain
Sub Component:
Version:	6.6.0
Hardware:	All
OS:	All
Priority:	high
Severity:	high
Target Milestone:	6.7.5
Assignee:	Anurag Patel
QA Contact:	Jameer Pathan
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1849111 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-06-19 16:14 UTC by Sayan Das
Modified:	2023-12-15 18:13 UTC (History)
CC List:	14 users (show)
Fixed In Version:	rubygem-foreman_maintain-0.5.6
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1884024 (view as bug list)
Environment:
Last Closed:	2021-09-07 19:05:02 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	30527	0	High	Closed	Red Hat Satellite upgrade to 6.6 fails if duplicate permissions are present in foreman database	2021-01-28 15:53:07 UTC
Red Hat Knowledge Base (Solution)	5061001	0	None	None	None	2020-06-22 15:47:55 UTC

Description Sayan Das 2020-06-19 16:14:21 UTC

Description of problem:

Red Hat Satellite upgrade to 6.6 fails with the following errors if duplicate permissions are present in the foreman database.

~~~
satellite.log:

[ERROR 2020-01-29T20:50:09 main]  /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[satellite.example.com]: Could not evaluate: Proxy satellite.example.com cannot be retrieved: unknown error (response 500)
[ERROR 2020-01-29T20:50:09 main] /usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:7:in `proxy'
[ERROR 2020-01-29T20:50:09 main] /usr/share/foreman-installer/modules/foreman/lib/puppet/provider/foreman_smartproxy/rest_v3.rb:13:in `id'


production.log:

2020-01-29T20:50:09 [W|app|] Could not create role 'Ansible Roles Manager': ERF73-0602 [Foreman::PermissionMissingException]: some permissions were not found:

2020-01-29T20:50:09 [E|app|] Cannot continue because some permissions were not found, please run rake db:seed and retry
2020-01-29T20:50:24 [W|app|] Could not create role 'Ansible Roles Manager': ERF73-0602 [Foreman::PermissionMissingException]: some permissions were not found: ["view_ansible_variables", "edit_ansible_variables", "destroy_ansible_variables", "create_ansible_variables", "import_ansible_variables", :view_ansible_variables, :create_ansible_variables, :import_ansible_variables, :edit_ansible_variables, :destroy_ansible_variables]
2020-01-29T20:50:24 [E|app|] Cannot continue because some permissions were not found, please run rake db:seed and retry



foreman-rake console
irb(main):036:0> Permission.pluck(:id,:name)
..
..
[309, "edit_settings"], [310, "cockpit_hosts"], [311, "view_ansible_variables"], [312, "edit_ansible_variables"], [313, "edit_ansible_variables"], [314, "destroy_ansible_variables"], [315, "create_ansible_variables"], [316, "import_ansible_variables"]]

         --> From 311 to 316, there were six permissions listed among which "edit_ansible_variables" was duplicate.
~~~

As soon as we manually delete the permission with id 313 and re-execute the satellite-installer, the upgrade will be completed successfully.


Version-Release number of selected component (if applicable):
Satellite 6.5 > 6.6 upgrade


How reproducible:

In customer environments 



Additional Info or Request:

The request here is to include a check\fix for duplicate permissions in foreman-maintain itself which can be detected during execution of "foreman-maintain upgrade check" or "satellite-maintain upgrade check" to avoid any manual troubleshooting.

Comment 2 Anand Agrawal 2020-06-19 17:29:55 UTC

*** Bug 1849111 has been marked as a duplicate of this bug. ***

Comment 6 Suraj Patil 2020-07-30 08:44:00 UTC

Created redmine issue https://projects.theforeman.org/issues/30527 from this bug

Comment 7 Bryan Kearney 2020-09-04 20:03:37 UTC

Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/30527 has been resolved.

Comment 10 Jameer Pathan 2020-10-15 08:09:56 UTC

Verified:

Verified with:
- Satellite 6.7.5 snap 1
- rubygem-foreman_maintain-0.5.6-1.el7sat.noarch

Test steps:
- Created duplicate permissions.
- Create a role. 
- Create filters and add duplicate permissions to them.
- Run pre-upgrade check "foreman-maintain health check --label duplicate_permissions"

Observation:
- foreman-maintain check duplicate_permissions deleted duplicate permissions.
- duplicate_permissions is added to pre-upgrade checks list.


[root@dell-r430-20 ~]#  foreman-maintain health check --label duplicate_permissions
Running ForemanMaintain::Scenario::FilteredScenario
================================================================================
Check for duplicate permissions from database:                        [FAIL]
Duplicate permissions in your database
--------------------------------------------------------------------------------
Continue with step [Remove duplicate permissions from database]?, [y(yes), n(no), q(quit)] y
Remove duplicate permissions from database:                           [OK]      
--------------------------------------------------------------------------------
Rerunning the check after fix procedure
Check for duplicate permissions from database:                        [OK]
--------------------------------------------------------------------------------

[root@dell-r430-20 ~]#  foreman-maintain health check --label duplicate_permissions
Running ForemanMaintain::Scenario::FilteredScenario
================================================================================
Check for duplicate permissions from database:                        [OK]
--------------------------------------------------------------------------------

Comment 16 James Jeffers 2021-09-07 19:05:02 UTC

Closing this as the issue was cloned and addressed in 6.8.

Note You need to log in before you can comment on or make changes to this bug.