-
Bug
-
Resolution: Done
-
Major
-
6.10.7
Description of problem:
[RFE] Remove sudo from migrating the pulp database script migrate.rb
Version-Release number of selected component (if applicable):
satellite-6.10.7-1
How reproducible:
Remove the sudo access of the "root"
Steps to Reproduce:
1. setup satellite
2. remove the root from /etc/sudoers or restrict the "root"
3.
- cat /etc/sudoers|grep -i root
#root ALL=(ALL) ALL
or
- cat /etc/sudoers|grep -i root
Defaults !root_sudo
Actual results:
E, 2023-03-10 03:48:22+0000 #49723 ERROR – : Failed executing sudo PULP_SETTINGS=/etc/pulp/settings.py DJANGO_SETTINGS_MODULE=pulpcore.app.settings python3-django-admin migrate --noinput, exit status 1:
sudo: sudoers specifies that root is not allowed to sudo (ForemanMaintain::Error::ExecutionError)
- cat /usr/share/gems/gems/foreman_maintain-0.8.31/definitions/procedures/pulpcore/migrate.rb
module Procedures::Pulpcore
class Migrate < ForemanMaintain::Procedure
include ForemanMaintain::Concerns::SystemService
metadata do
description 'Migrate pulpcore db'
for_feature :pulpcore
end
def run
with_spinner('Migrating pulpcore') do |spinner|
necessary_services = feature(:pulpcore_database).services
pulp_services = feature(:pulpcore).services
feature(:service).handle_services(spinner, 'start', :only => necessary_services)
feature(:service).handle_services(spinner, 'stop', :only => pulp_services)
spinner.update('Migrating pulpcore database')
execute!('sudo PULP_SETTINGS=/etc/pulp/settings.py '\ <-- sudo requires
'DJANGO_SETTINGS_MODULE=pulpcore.app.settings '\
'python3-django-admin migrate --noinput')
end
end
end
end
6.10:
]# sudo PULP_SETTINGS=/etc/pulp/settings.py DJANGO_SETTINGS_MODULE=pulpcore.app.settings python3-django-admin migrate --noinput
root is not in the sudoers file. This incident will be reported.
6.11 :
- sudo PULP_SETTINGS=/etc/pulp/settings.py DJANGO_SETTINGS_MODULE=pulpcore.app.settings pulpcore-manager migrate --noinput
root is not in the sudoers file. This incident will be reported.
6.12 :
- sudo PULP_SETTINGS=/etc/pulp/settings.py DJANGO_SETTINGS_MODULE=pulpcore.app.settings pulpcore-manager migrate --noinput
sudo: sudoers specifies that root is not allowed to sudo
Expected results:
If satellite-maintain is being executed as the root user, it ought to function without needing sudo privileges.
Additional info:
Running Procedures after migrating to Satellite 6.12.z
================================================================================
Refresh detected features: [OK]
--------------------------------------------------------------------------------
Start applicable services:
Starting the following service(s):
redis, postgresql, pulpcore-api, pulpcore-content, qdrouterd, qpidd, pulpcore-worker@1.service, pulpcore-worker@2.service, tomcat, dynflow-sidekiq@orchestrator, foreman, httpd, puppetserver, dynflow-sidekiq@worker-1, dynflow-sidekiq@worker-hosts-queue-1, foreman-proxy, foreman-cockpit
| All services started [OK] -------------------------------------------------------------------------------- Trim RPM changelogs in the pulpcore db: |
| Trimming RPM changelogs [FAIL] Failed executing sudo PULP_SETTINGS=/etc/pulp/settings.py DJANGO_SETTINGS_MODULE=pulpcore.app.settings pulpcore-manager rpm-trim-changelogs, exit status 1: sudo: sudoers specifies that root is not allowed to sudo -------------------------------------------------------------------------------- Scenario [Procedures after migrating to Satellite 6.12.z] failed. |
The following steps ended up in failing state:
[pulpcore-trim-rpm-changelogs]
Resolve the failed steps and rerun the command.
If the situation persists and, you are unclear what to do next,
contact Red Hat Technical Support.
In case the failures are false positives, use
--whitelist="pulpcore-trim-rpm-changelogs"
