Uploaded image for project: 'Red Hat 3scale API Management'
  1. Red Hat 3scale API Management
  2. THREESCALE-4522

Deploy to OCP with PostgreSQL fails with permission denied to create database

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • None
    • 2.8 ER1
    • System
    • None
    • 5
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • 3scale 2020-02-17

      Deploying to OCP with PostgreSQL as the system database fails with PG::InsufficientPrivilege: ERROR: permission denied to create database.

      DEPRECATION WARNING: alias_method_chain is deprecated. Please, use Module#prepend instead. From module, you can access the original method using super. (called from require at /opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/runtime.rb:81)
DEPRECATION WARNING: `config.static_cache_control` is deprecated and will be removed in Rails 5.1.
Please use
`config.public_file_server.headers = { 'Cache-Control' => 'public, max-age=31557600' }`
instead.
 (called from block in <top (required)> at /opt/system/config/environments/production.rb:117)
I, [2020-02-17T16:18:31.501774 #1]  INFO -- : ActiveMerchant MODE set to 'production'
W, [2020-02-17T16:18:31.546409 #1]  WARN -- [Bugsnag]: No valid API key has been set, notifications will not be sent
I, [2020-02-17T16:18:31.801477 #1]  INFO -- : [Core] Using http://backend-listener:3000/internal/ as URL
OpenIdAuthentication.store is nil. Using in-memory store.
Creating scope :admins. Overwriting existing method User.admins.
Creating scope :by_name. Overwriting existing method Cinstance.by_name.
[core] non-native log levels verbose, notice, critical emulated using UNKNOWN severity
Backend Internal API version 2.98.0 status: ok
Connected to postgresql://system@system-postgresql/system
Connected to redis://system-redis:6379/1
PG::InsufficientPrivilege: ERROR:  permission denied to create database
: CREATE DATABASE "system" ENCODING = 'utf8'
Couldn't create database for {"adapter"=>"postgresql", "variables"=>{"timezone"=>"UTC"}, "encoding"=>"utf8", "pool"=>5, "username"=>"system", "password"=>"8equfvi2", "database"=>"system", "host"=>"system-postgresql"}
rake aborted!
ActiveRecord::StatementInvalid: PG::InsufficientPrivilege: ERROR:  permission denied to create database
: CREATE DATABASE "system" ENCODING = 'utf8'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/postgresql/database_statements.rb:98:in `async_exec'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/postgresql/database_statements.rb:98:in `block in execute'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/abstract_adapter.rb:590:in `block in log'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activesupport-5.0.7.2/lib/active_support/notifications/instrumenter.rb:21:in `instrument'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/abstract_adapter.rb:583:in `log'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/postgresql/database_statements.rb:97:in `execute'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/postgresql/schema_statements.rb:62:in `create_database'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/postgresql_database_tasks.rb:15:in `create'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:109:in `create'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:129:in `block in create_current'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:295:in `block in each_current_configuration'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:292:in `each'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:292:in `each_current_configuration'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:128:in `create_current'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/railties/databases.rake:27:in `block (2 levels) in <top (required)>'
/opt/system/vendor/bundle/ruby/2.5.0/gems/bugsnag-6.11.1/lib/bugsnag/integrations/rake.rb:18:in `execute_with_bugsnag'
/opt/system/lib/tasks/db.rake:5:in `block (2 levels) in <top (required)>'
/opt/system/vendor/bundle/ruby/2.5.0/gems/bugsnag-6.11.1/lib/bugsnag/integrations/rake.rb:18:in `execute_with_bugsnag'
/opt/system/lib/tasks/openshift.rake:5:in `block (2 levels) in <top (required)>'
/opt/system/vendor/bundle/ruby/2.5.0/gems/bugsnag-6.11.1/lib/bugsnag/integrations/rake.rb:18:in `execute_with_bugsnag'
/opt/system/vendor/bundle/ruby/2.5.0/gems/rake-13.0.1/exe/rake:27:in `<top (required)>'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli/exec.rb:74:in `load'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli/exec.rb:74:in `kernel_load'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli/exec.rb:28:in `run'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli.rb:463:in `exec'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/vendor/thor/lib/thor/invocation.rb:126:in `invoke_command'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/vendor/thor/lib/thor.rb:387:in `dispatch'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli.rb:27:in `dispatch'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/vendor/thor/lib/thor/base.rb:466:in `start'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli.rb:18:in `start'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/exe/bundle:30:in `block in <top (required)>'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/friendly_errors.rb:124:in `with_friendly_errors'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/exe/bundle:22:in `<top (required)>'
/opt/rh/rh-ruby25/root/usr/local/bin/bundle:23:in `load'
/opt/rh/rh-ruby25/root/usr/local/bin/bundle:23:in `<main>'

Caused by:
PG::InsufficientPrivilege: ERROR:  permission denied to create database
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/postgresql/database_statements.rb:98:in `async_exec'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/postgresql/database_statements.rb:98:in `block in execute'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/abstract_adapter.rb:590:in `block in log'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activesupport-5.0.7.2/lib/active_support/notifications/instrumenter.rb:21:in `instrument'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/abstract_adapter.rb:583:in `log'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/postgresql/database_statements.rb:97:in `execute'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/postgresql/schema_statements.rb:62:in `create_database'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/postgresql_database_tasks.rb:15:in `create'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:109:in `create'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:129:in `block in create_current'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:295:in `block in each_current_configuration'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:292:in `each'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:292:in `each_current_configuration'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:128:in `create_current'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/railties/databases.rake:27:in `block (2 levels) in <top (required)>'
/opt/system/vendor/bundle/ruby/2.5.0/gems/bugsnag-6.11.1/lib/bugsnag/integrations/rake.rb:18:in `execute_with_bugsnag'
/opt/system/lib/tasks/db.rake:5:in `block (2 levels) in <top (required)>'
/opt/system/vendor/bundle/ruby/2.5.0/gems/bugsnag-6.11.1/lib/bugsnag/integrations/rake.rb:18:in `execute_with_bugsnag'
/opt/system/lib/tasks/openshift.rake:5:in `block (2 levels) in <top (required)>'
/opt/system/vendor/bundle/ruby/2.5.0/gems/bugsnag-6.11.1/lib/bugsnag/integrations/rake.rb:18:in `execute_with_bugsnag'
/opt/system/vendor/bundle/ruby/2.5.0/gems/rake-13.0.1/exe/rake:27:in `<top (required)>'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli/exec.rb:74:in `load'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli/exec.rb:74:in `kernel_load'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli/exec.rb:28:in `run'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli.rb:463:in `exec'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/vendor/thor/lib/thor/invocation.rb:126:in `invoke_command'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/vendor/thor/lib/thor.rb:387:in `dispatch'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli.rb:27:in `dispatch'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/vendor/thor/lib/thor/base.rb:466:in `start'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli.rb:18:in `start'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/exe/bundle:30:in `block in <top (required)>'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/friendly_errors.rb:124:in `with_friendly_errors'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/exe/bundle:22:in `<top (required)>'
/opt/rh/rh-ruby25/root/usr/local/bin/bundle:23:in `load'
/opt/rh/rh-ruby25/root/usr/local/bin/bundle:23:in `<main>'
Tasks: TOP => db:deploy:setup => db:setup => db:schema:load_if_ruby => db:create
(See full trace by running task with --trace)

      db:setup, triggered in the system pre-hook pod as part of the openshift:deploy task, always tries to create the database and we don't handle failures. Zync follows a different approach. Its entry point tries db:setup escaping to db:migrate in case of exit status other than 0. See https://github.com/3scale/zync/blob/6e7ffa355c287d68b72ce6850d315eff5a346efb/.s2i/bin/run#L7

      Apart from the permission error, another problem is with the collation setting in the configs. "utf8_bin" is not supported by centos/postgresql-10-centos7 (the image of postgres we use in the upstream). We need to make https://github.com/3scale/porta/blob/431ab13431f57f562f393f7e1440a7770f44813e/openshift/system/config/database.yml#L16 MySQL only.

      If we fix the collation issue mentioned above and grant the user with proper permissions to create the database (even though the database is already there), using the command below, deployment succeeds:

      $ oc exec -it <system-postgresql-pod> bash

bash-4.2$ psql -U postgres system

system=# ALTER ROLE system WITH createdb;
ALTER ROLE

      Dev Notes
      Things we need to do:
      1. Fix the collation in the database settings for openshift (i.e. make it MySQL only)
      2. Workaround db:setup permission errors (perhaps in the fashion zync does)

              Unassigned Unassigned
              mcassola Guilherme Cassolato
              Guilherme Cassolato Guilherme Cassolato
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: