Tracker #32785
open
having permission issue since upgrading to foreman 2.5 with katello 4.1
0%
Description
When running foreman-rake console or foreman-rake katello:upgrade_check I get the following output before it successfully runs...
```
`/usr/share/foreman` is not writable.
Bundler will use `/tmp/bundler20210611-5474-8p6k3z5474' as your home directory temporarily.
This script makes no modifications and can be re-run multiple times for the most up to date results.
Checking upgradeability...
Checking for running tasks...
[SUCCESS] - There are 0 active tasks.
You may proceed with the upgrade.
```
The production.log shows these entries for the above rake output...
```
2021-06-11T10:05:04 [I|app|a14df45f] Started GET "/notification_recipients" for MY_HOSTIP at 2021-06-11 10:05:04 -0400
2021-06-11T10:05:04 [I|app|a14df45f] Processing by NotificationRecipientsController#index as JSON
2021-06-11T10:05:04 [I|app|a14df45f] Completed 200 OK in 43ms (Views: 0.1ms | ActiveRecord: 2.0ms | Allocations: 14163)
2021-06-11T10:05:06 [I|app|] Rails cache backend: File
2021-06-11T10:05:11 [W|app|] Creating scope :completer_scope. Overwriting existing method Location.completer_scope.
2021-06-11T10:05:11 [W|app|] Creating scope :completer_scope. Overwriting existing method Organization.completer_scope.
2021-06-11T10:05:11 [W|app|] Setting host_tasks_workers_pool_size has no definition, please define it before using
2021-06-11T10:05:13 [W|app|] Creating scope :exportable. Overwriting existing method Katello::Repository.exportable.
2021-06-11T10:05:14 [I|app|832e6799] Started GET "/notification_recipients" for MY_HOSTIP at 2021-06-11 10:05:14 -0400
2021-06-11T10:05:14 [I|app|832e6799] Processing by NotificationRecipientsController#index as JSON
2021-06-11T10:05:14 [I|app|832e6799] Completed 200 OK in 44ms (Views: 0.1ms | ActiveRecord: 1.9ms | Allocations: 14175)
2021-06-11T10:05:17 [W|app|] Scoped order is ignored, it's forced to be batch order.
```
In the foreman UI when I try to promote or publish a content view I get the below error...
```
undefined method 'id' for nil:NilClass
```
These were working without error prior to upgrading. I upgraded from foreman 2.4.0 & katello 4.0 to foreman 2.5.0 & katello 4.1.0.
There aren't any selinux errors in /var/log/audit/audit.log. Below are the permissions for /usr/share/foreman...
```
[root@puppet ~]# ls lZd /usr/share/foreman. foreman root system_u:object_r:usr_t:s0 /usr/share/foreman/config.ru
drwxr-xr-x. root root system_u:object_r:usr_t:s0 /usr/share/foreman
[root@puppet ~]# ls -lZd /usr/share/foreman/*
drwxr-xr-x. root root system_u:object_r:usr_t:s0 /usr/share/foreman/app
drwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/share/foreman/bin
drwxr-xr-x. root root system_u:object_r:usr_t:s0 /usr/share/foreman/bundler.d
drwxr-xr-x. root root system_u:object_r:usr_t:s0 /usr/share/foreman/config
-rw-r--r-
lrwxrwxrwx. root root system_u:object_r:usr_t:s0 /usr/share/foreman/db > /var/lib/foreman/db. root root system_u:object_r:usr_t:s0 /usr/share/foreman/Gemfile.in
drwxr-xr-x. root root system_u:object_r:usr_t:s0 /usr/share/foreman/extras
-rw-r--r-
drwxr-xr-x. root root system_u:object_r:lib_t:s0 /usr/share/foreman/lib
drwxr-xr-x. root root system_u:object_r:usr_t:s0 /usr/share/foreman/locale
lrwxrwxrwx. root root system_u:object_r:usr_t:s0 /usr/share/foreman/log > /var/log/foreman. root root system_u:object_r:usr_t:s0 /usr/share/foreman/Rakefile
drwxr-xr-x. root root system_u:object_r:usr_t:s0 /usr/share/foreman/migrate
drwxr-xr-x. root root system_u:object_r:usr_t:s0 /usr/share/foreman/plugins
lrwxrwxrwx. root root system_u:object_r:usr_t:s0 /usr/share/foreman/public -> /var/lib/foreman/public
-rw-r--r-
drwxr-xr-x. root root system_u:object_r:usr_t:s0 /usr/share/foreman/script
drwxr-xr-x. root root system_u:object_r:usr_t:s0 /usr/share/foreman/seeds.drw-r--r-. root root system_u:object_r:usr_t:s0 /usr/share/foreman/seeds.rb
lrwxrwxrwx. root root system_u:object_r:usr_t:s0 /usr/share/foreman/tmp > /var/run/foreman. root root system_u:object_r:usr_t:s0 /usr/share/foreman/VERSION
-rw-r--r-
```
Additionally, I assume this is related...in /var/log/secure I see the following denied entry for the foreman user...
```
Jun 11 09:30:01 puppet crond4610: pam_access(crond:account): access denied for user `foreman' from `cron'
Jun 11 09:30:01 puppet crond4610: pam_sss(crond:account): Access denied for user foreman: 10 (User not known to the underlying authentication module)
```
I am attaching the production.log entries from an attempt to publish a content view. Please note all references to MY_HOSTIP are just my attempt at sanitizing my data for this issue.
My apologies if this is incorrectly categorized. The rake warning and failure to publish content views both seem related to me because they started at the same time. I assume there is a permissions issue but I don't know how to identify it based on what I have found so far. The foreman UI works and all the foreman services are running.
Any guidance or suggestions is much appreciated.
Files
Updated by Mary Etta Trembly almost 3 years ago
- Subject changed from having permissions issue since upgrading to foreman 2.5 with katello 4.1 to having permission issue since upgrading to foreman 2.5 with katello 4.1
Updated by Mary Etta Trembly almost 3 years ago
- Category changed from Rake tasks to Database
I have changed this category from 'rake' to 'Database' because I see the below output in /var/log/production.log when I enable debug logging and attempt to either publish a content view or run 'foreman-rake whatever'
When trying to publish a new content view I see this...Setting default_location_puppet_content has no definition, clean up your database
It continues progressing through phases successfully until I see this...
b9a84da0 | /opt/theforeman/tfm/root/usr/share/gems/gems/rack-2.2.3/lib/rack/urlmap.rb:58:in `each'
b9a84da0 | /opt/theforeman/tfm/root/usr/share/gems/gems/rack-2.2.3/lib/rack/urlmap.rb:58:in `call'
b9a84da0 | /opt/theforeman/tfm/root/usr/share/gems/gems/puma-5.3.2/lib/puma/configuration.rb:249:in `call'
b9a84da0 | /opt/theforeman/tfm/root/usr/share/gems/gems/puma-5.3.2/lib/puma/request.rb:77:in `block in handle_request'
b9a84da0 | /opt/theforeman/tfm/root/usr/share/gems/gems/puma-5.3.2/lib/puma/thread_pool.rb:338:in `with_force_shutdown'
b9a84da0 | /opt/theforeman/tfm/root/usr/share/gems/gems/puma-5.3.2/lib/puma/request.rb:76:in `handle_request'
b9a84da0 | /opt/theforeman/tfm/root/usr/share/gems/gems/puma-5.3.2/lib/puma/server.rb:438:in `process_client'
b9a84da0 | /opt/theforeman/tfm/root/usr/share/gems/gems/puma-5.3.2/lib/puma/thread_pool.rb:145:in `block in spawn_thread'
b9a84da0 | [ concurrent-ruby ]
2021-06-11T11:59:49 [D|dyn|b9a84da0] Step e7216fcd-3a44-47fd-be6a-27d749893914:65 running >> error in phase Plan Actions::Pulp3::Repository::RefreshDistribution
2021-06-11T11:59:49 [E|bac|b9a84da0] undefined method `id' for nil:NilClass (NoMethodError)
b9a84da0 | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.1.0.rc2.1/app/lib/actions/pulp3/repository/refresh_distribution.rb:15:in `block in plan'
b9a84da0 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.8/lib/dynflow/execution_plan.rb:384:in `switch_flow'
b9a84da0 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.8/lib/dynflow/action.rb:422:in `sequence'
b9a84da0 | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.1.0.rc2.1/app/lib/actions/pulp3/repository/refresh_distribution.rb:10:in `plan'
b9a84da0 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.8/lib/dynflow/action.rb:514:in `block (3 levels) in execute_plan'
b9a84da0 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.8/lib/dynflow/middleware/stack.rb:27:in `pass'
b9a84da0 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.8/lib/dynflow/middleware.rb:19:in `pass'
b9a84da0 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.8/lib/dynflow/middleware.rb:36:in `plan'
The response in foreman UI is undefined method `id' for nil:NilClass
When I run foreman-rake katello:upgrade_check ... the command is successful but I see the below entries in production.log
2021-06-11T12:17:37 [D|app|] Setting cdn_ssl_version has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting katello_default_provision has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting katello_default_finish has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting katello_default_user_data has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting katello_default_PXELinux has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting katello_default_PXEGrub has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting katello_default_PXEGrub2 has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting katello_default_iPXE has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting katello_default_ptable has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting katello_default_kexec has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting katello_default_atomic_provision has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting manifest_refresh_timeout has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting content_action_accept_timeout has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting content_action_finish_timeout has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting content_disconnected has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting errata_status_installable has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting restrict_composite_view has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting check_services_before_actions has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting foreman_proxy_content_batch_size has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting foreman_proxy_content_auto_sync has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting default_download_policy has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting default_redhat_download_policy has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting default_proxy_download_policy has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting pulp_docker_registry_port has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting pulp_export_destination has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting content_default_http_proxy has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting pulpcore_export_destination has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting pulp_client_key has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting pulp_client_cert has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting unregister_delete_host has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting register_hostname_fact has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting register_hostname_fact_strict_match has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting expire_soon_days has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting content_view_solve_dependencies has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting dependency_solving_algorithm has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting host_dmi_uuid_duplicates has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting host_profile_assume has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting host_tasks_workers_pool_size has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting applicability_batch_size has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting autosearch_while_typing has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting autosearch_delay has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting default_location_subscribed_hosts has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting default_location_puppet_content has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting remote_execution_by_default has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting sync_connect_timeout has no definition, clean up your database
2021-06-11T12:17:37 [D|app|] Setting bulk_load_size has no definition, clean up your database
I followed the upgrade instructions here: https://docs.theforeman.org/2.5/Upgrading_and_Updating/index-katello.html#upgrade_paths
The upgrade finished successfully, it was just an upgrade to the foreman 2.4/Katello4.0 version already installed.
Is there an additional database cleanup step I should have done that is not listed in the instructions?
I did not see any mention of needing to do anything 'special' to prepare the database for this upgrade.