Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Description of problem:
After the Pulp 2 to Pulp 3 migration, upstream users have been reporting failing syncs that seem to be related to incorrect permissions in Pulp's artifacts directory. Thread: https://community.theforeman.org/t/katello-4-3-repo-sync-error-errno1-operation-not-permitted/27262/11
From the report, it seems that something changed in Pulp 3 between Pulpcore 3.14 and 3.16 that suddenly made the incorrect permissions cause sync errors. Users have no issues syncing on Katello with Pulpcore 3.14.
I'm setting this on the Installer component for now because the installer keeps track of other Pulp-related permissions: https://github.com/theforeman/puppet-pulpcore/blob/master/manifests/config.pp
Foreman Maintain is another place where these permissions could be fixed if there is some reason with doing so in the Foreman Installer.
Version-Release number of selected component (if applicable):
Satellite 7.0 (Katello 4.3)
How reproducible:
The permissions being wrong is likely 100% reproducible.
The repository sync error is unknown right now because the reporting user could sync some repositories.
Steps to Reproduce:
From Grant's comment, to reproduce you would only need to run the upgrade to 6.10 where the Pulp 3 files are on the same volume as the Pulp 2 ones: https://community.theforeman.org/t/katello-4-3-repo-sync-error-errno1-operation-not-permitted/27262/14
Actual results:
Syncing fails and some files under /var/lib/pulp/media are owned by apache rather than pulp.
Expected results:
Syncing works fine and the files under /var/lib/pulp/media are owned by the pulp user.
Additional info:
I just did a standard upgrade from 6.9 to 6.10 and saw no issues with the file permissions in the artifacts folder. It could be that the upstream users did the migration when it wasn't as well-supported.
Verified.
Tested on Satellite 6.9.9 snap 2.0
rubygem-foreman_maintain-1.0.6-1.el7sat.noarch
Steps followed:
1. Run upgrade to 6.10
Observation:
Syncing works fine and the files under /var/lib/pulp/media are owned by the pulp user.
when running the pulp2 removal procedure, artifact ownership procedure is also run.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Moderate: Satellite 6.11 Release), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2022:5498