Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 2106501 - Repository synchronization fails with error "[Errno 1] Operation not permitted" after upgrading to Red Hat Satellite 6.11
Summary: Repository synchronization fails with error "[Errno 1] Operation not permitte...
Keywords:
Status: CLOSED DUPLICATE of bug 2112369
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Repositories
Version: 6.11.0
Hardware: x86_64
OS: Linux
high
high
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Cole Higgins
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-07-12 20:51 UTC by Jason Dickerson
Modified: 2022-09-23 08:42 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 2112369 (view as bug list)
Environment:
Last Closed: 2022-08-11 17:21:37 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 35261 0 Normal Closed Repository synchronization fails with error "[Errno 1] Operation not permitted" after upgrading to Red Hat Satellite 6.1... 2022-08-10 15:54:50 UTC
Red Hat Knowledge Base (Solution) 6966917 0 None None None 2022-07-12 20:51:17 UTC

Description Jason Dickerson 2022-07-12 20:51:17 UTC 
Description of problem:
After upgrading from Satellite 6.10 to 6.11, most repository sync's fail with operation not permitted.  

Version-Release number of selected component (if applicable):
Satellite 6.11 

How reproducible:
It was consistent

Steps to Reproduce:
1.Satellite installed at 6.3 and upgraded all the way to 6.11
2.Attempt to sync repositories


Actual results:
operation not permitted errors

Expected results:
repository syncs are successful

Additional info:
Pulp3 did not have permissions to the artifact files on the filesystem.  The permissions were apache:pulp.  I found the following issue on theforeman community site:  

https://community.theforeman.org/t/katello-4-3-repo-sync-error-errno1-operation-not-permitted/27262/6

The following command corrected all the repository sync issues:

# chown -hR pulp.pulp /var/lib/pulp/media/artifact/
Comment 1 Sayan Das 2022-07-12 20:58:10 UTC 
In Satellite 6.9:

apache user is part of apache and pulp group.

# id apache
uid=48(apache) gid=48(apache) groups=48(apache),1000(pulp)

# id pulp
uid=1000(pulp) gid=1000(pulp) groups=1000(pulp)


For some users, in Satellite 6.10 also, above is true but then again for some 6.10 installations, apache is not part of pulp group anymore.


Now, from satellite 6.11 , definitely apache user is not part of pulp group.


# id apache
uid=48(apache) gid=48(apache) groups=48(apache)

# id pulp
uid=988(pulp) gid=985(pulp) groups=985(pulp)


So for those who ran into this issue, 

* They were having apache:pulp as the ownership of certain artifacts while on 6.9 and\or 6.10

* But as soon as they upgrade to 6.11, That ownership stopped working as apache user is not part of pulp group and the ownership required to be pulp:pulp 


Apart from running "satellite-maintain prep-6.10-upgrade" , I don't know where else this ownership stuff is changed for pulp artifacts but even for "prep-6.10-upgrade" , it only changes the group ownership of files to pulp but not user ownership.


Something must be causing the owner to remain as apache:pulp for one or more artifacts, even after the users have upgraded to 6.11.
Comment 3 Samir Jha 2022-07-21 18:36:46 UTC 
Created redmine issue https://projects.theforeman.org/issues/35261 from this bug
Comment 13 Bryan Kearney 2022-08-01 20:05:16 UTC 
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/35261 has been resolved.
Comment 14 Bianca House 2022-08-03 21:18:39 UTC 
Hello,

Working with customer for same issue. They've applied the fix using 'satellite-maintain content fix-pulpcore-artifact-ownership -y' but are now receiving the following exactly as shown:

Error message: the server returns an errorError message: the server returns an error
Note You need to log in before you can comment on or make changes to this bug.