RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1932772 - foreman: plugin execution times out when DB password can't be found
Summary: foreman: plugin execution times out when DB password can't be found
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sos
Version: 7.9
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Jan Jansky
QA Contact: Miroslav Hradílek
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-02-25 08:45 UTC by Evgeni Golov
Modified: 2021-04-27 11:31 UTC (History)
10 users (show)

Fixed In Version: sos-3.9-5.el7_9.3
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-04-27 11:31:08 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github sosreport sos pull 2429 0 None closed [candlepin/foreman] call psql with --no-password to avoid waiting on input 2021-03-09 11:12:55 UTC

Description Evgeni Golov 2021-02-25 08:45:04 UTC 
Description of problem:
The `foreman` plugin tries to read the PostgreSQL password from `/etc/foreman/database.yml` and falls back to an empty string if that can't be found for some reason:

https://github.com/sosreport/sos/blob/00a25deaba41cd34a2143b5324d22a7c35098c1c/sos/plugins/foreman.py#L37-L59

However, when one tries to execute `psql` without a password, it will just sit there and wait for the user to enter one:

```console
# PGPASSWORD= psql -h localhost -p 5432 -U foreman -d foreman -c 'select 1;'
Password for user foreman: 
```

This leads to the plugin timing out:

```
[plugin:foreman] command 'psql -h localhost -p 5432 -U foreman -d foreman  -c 'SELECT table_name, pg_size_pretty(total_bytes) AS total, pg_size_pretty(index_bytes) AS INDEX , pg_size_pretty(toast_bytes) AS toast, pg_size_pretty(table_bytes) AS TABLE FROM ( SELECT *, total_bytes-index_bytes-COALESCE(toast_bytes,0) AS table_bytes FROM (SELECT c.oid,nspname AS table_schema, relname AS TABLE_NAME, c.reltuples AS row_estimate, pg_total_relation_size(c.oid) AS total_bytes, pg_indexes_size(c.oid) AS index_bytes, pg_total_relation_size(reltoastrelid) AS toast_bytes FROM pg_class c LEFT JOIN pg_namespace n ON n.oid = c.relnamespace WHERE relkind = '"'"'r'"'"') a) a order by total_bytes DESC'' timed out after 300s
[plugin:foreman] command 'psql -h localhost -p 5432 -U foreman -d foreman  -c 'WITH prefix_counts AS (SELECT split_part(name,'"'"'::'"'"',1) FROM fact_names) SELECT COUNT(*), split_part AS "fact_name_prefix" FROM prefix_counts GROUP BY split_part ORDER BY count DESC LIMIT 100'' timed out after 600s
[plugin:foreman] command 'psql -h localhost -p 5432 -U foreman -d foreman  -c 'select * from dynflow_schema_info'' timed out after 600s

 Plugin foreman timed out
```

The most trivial fix for this is to pass `--no-password` to `psql`, which will "Never issue a password prompt. If the server requires password authentication and a password is not available from other sources such as a .pgpass file, the connection attempt will fail. This option can be useful in batch jobs and scripts where no user is present to enter a password." and that's exactly the case we have here.

I am linking the `legacy-3.9` code above, as I am experiencing this on EL 7 with sos-3.9-5, but the code in `master` looks (for that part) identical and should suffer from the same issue.

And if you're wondering why we're facing this now, and not since a long time: The plugin works equally on Foreman servers and Foreman proxies (see `packages` definition in the plugin). There is no `/etc/foreman/database.yml` on the proxy, so the password can't be read, which was not a problem until recently as we didn't have a `psql` binary on the proxy. We have one now, but still no `/etc/foreman/database.yml` which leads to the before mentioned password prompt.


Version-Release number of selected component (if applicable):
sos-3.9-5.el7

How reproducible:
100%

Steps to Reproduce:
1. install RHEL7 with PostgreSQL
2. run sosreport --enable-plugins foreman

alternative steps:
Install a Satellite Capsule and add a PostgreSQL server to it (which will be the case in a later Satellite version anyways)

Actual results:
 Plugin foreman timed out

Expected results:
 Plugin correctly executed

Additional info:
Upstream report: https://github.com/sosreport/sos/issues/2421
Comment 13 errata-xmlrpc 2021-04-27 11:31:08 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (sos bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:1385
Note You need to log in before you can comment on or make changes to this bug.