Bug 2064410 - Incorrect file permissions in /var/lib/pulp/media/... lead to repository sync errors
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Satellite Maintain
Version: 6.11.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: 6.11.0
Assignee: Ian Ballou
QA Contact: sganar
Reported: 2022-03-15 18:50 UTC by Ian Ballou
Modified: 2022-07-19 11:05 UTC (History)

Fixed In Version: rubygem-foreman_maintain-1.0.5
Last Closed: 2022-07-05 14:34:27 UTC

Links
System | ID | Private | Priority | Status | Summary | Last Updated
Foreman Issue Tracker | 34631 | 0 | Normal | Ready For Testing | Incorrect file permissions in /var/lib/pulp/media/... lead to repository sync errors | 2022-03-16 19:33:18 UTC
Red Hat Product Errata | RHSA-2022:5498 | 0 | None | None | None | 2022-07-05 14:34:38 UTC

Description Ian Ballou 2022-03-15 18:50:32 UTC
Description of problem:

After the Pulp 2 to Pulp 3 migration, upstream users have been reporting failing syncs that seem to be related to incorrect permissions in Pulp's artifacts directory.  Thread: https://community.theforeman.org/t/katello-4-3-repo-sync-error-errno1-operation-not-permitted/27262/11

From the report, it seems that something changed in Pulp 3 between Pulpcore 3.14 and 3.16 that suddenly made the incorrect permissions cause sync errors.  Users have no issues syncing on Katello with Pulpcore 3.14.

I'm setting this on the Installer component for now because the installer keeps track of other Pulp-related permissions: https://github.com/theforeman/puppet-pulpcore/blob/master/manifests/config.pp

Foreman Maintain is another place where these permissions could be fixed if there is some reason with doing so in the Foreman Installer.

Version-Release number of selected component (if applicable):

Satellite 7.0 (Katello 4.3)

How reproducible:
The permissions being wrong is likely 100% reproducible.
The repository sync error is unknown right now because the reporting user could sync some repositories.

Steps to Reproduce:
From Grant's comment, to reproduce you would only need to run the upgrade to 6.10 where the Pulp 3 files are on the same volume as the Pulp 2 ones: https://community.theforeman.org/t/katello-4-3-repo-sync-error-errno1-operation-not-permitted/27262/14

Actual results:
Syncing fails and some files under /var/lib/pulp/media are owned by apache rather than pulp.

Expected results:
Syncing works fine and the files under /var/lib/pulp/media are owned by the pulp user. 

Additional info:

Comment 2 Ian Ballou 2022-03-15 21:43:03 UTC
I just did a standard upgrade from 6.9 to 6.10 and saw no issues with the file permissions in the artifacts folder. It could be that the upstream users did the migration when it wasn't as well-supported.

Comment 3 Ian Ballou 2022-03-16 16:03:23 UTC
Created redmine issue https://projects.theforeman.org/issues/34631 from this bug

Comment 5 Bryan Kearney 2022-03-16 20:05:38 UTC
Upstream bug assigned to iballou

Comment 6 Bryan Kearney 2022-03-16 20:05:40 UTC
Upstream bug assigned to iballou

Comment 9 Brad Buckingham 2022-03-28 19:54:42 UTC
Moving to POST as upstream PR is merged.

Comment 10 sganar 2022-05-05 08:34:08 UTC
Verified.

Tested on Satellite 6.9.9 snap 2.0
rubygem-foreman_maintain-1.0.6-1.el7sat.noarch

Steps followed: 
1. Run upgrade to 6.10 

Observation: 
Syncing works fine and the files under /var/lib/pulp/media are owned by the pulp user.
When running the pulp2 removal procedure, the artifact ownership procedure is also run.

Comment 13 errata-xmlrpc 2022-07-05 14:34:27 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Satellite 6.11 Release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5498
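
Added example (not part of the bug report and not foreman_maintain's own code): a read-only check for the condition described above, entries under /var/lib/pulp/media owned by a user other than pulp. The function names are hypothetical; the path and the expected owner come from the report, and GNU find is assumed.

```shell
#!/bin/sh
# Added example: audit ownership under Pulp's media directory.
# Path and expected owner ("pulp") come from the bug report; GNU find is
# assumed for -printf. Read-only: nothing is changed on disk.

# resolve_uid OWNER -> numeric uid; fails if a user name is unknown, so a
# missing "pulp" account cannot be mistaken for a clean result.
resolve_uid() {
    case $1 in
        ''|*[!0-9]*) id -u "$1" 2>/dev/null ;;
        *) echo "$1" ;;
    esac
}

# count_wrong_owner ROOT UID -> number of entries not owned by UID.
# find does not follow symlinks by default, so links are judged themselves.
count_wrong_owner() {
    find "$1" ! -uid "$2" -print | wc -l | tr -d ' '
}

# summarize_wrong_owner ROOT UID -> "count owner" lines, most frequent first.
summarize_wrong_owner() {
    find "$1" ! -uid "$2" -printf '%u\n' | sort | uniq -c | sort -rn |
        awk '{print $1, $2}'
}

# audit_media [ROOT] [OWNER]
# Returns 0 if all entries are owned by OWNER, 1 if some are not,
# 2 if ROOT is missing or OWNER cannot be resolved.
audit_media() {
    root=${1:-/var/lib/pulp/media}
    owner=${2:-pulp}
    [ -d "$root" ] || { echo "no such directory: $root" >&2; return 2; }
    uid=$(resolve_uid "$owner") || { echo "unknown user: $owner" >&2; return 2; }
    n=$(count_wrong_owner "$root" "$uid")
    if [ "$n" -eq 0 ]; then
        echo "OK: all entries under $root are owned by $owner"
        return 0
    fi
    echo "FAIL: $n entries under $root are not owned by $owner"
    summarize_wrong_owner "$root" "$uid"
    return 1
}
```

Calling audit_media with no arguments checks /var/lib/pulp/media against the pulp user; the exit status makes it usable as a post-upgrade check.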