Loading...

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: None
Affects Version/s: 2.8 ER1
Component/s: System
Labels:
None

Story Points:
5
3Scale PT Tested upstream:
Not Started
3scale PT Docs:
Not Started
3scale PT Product Specs:
Not Started
3scale PT Product Update Ready:
Not Started
3scale PT Released In Saas:
Not Started
3scale PT Verified Product:
Not Started
Target Release:

2.8 CR1
Git Pull Request:
https://github.com/3scale/porta/pull/1708

Sprint:
3scale 2020-02-17

SFDC Cases Counter:
SFDC Cases Links:

Deploying to OCP with PostgreSQL as the system database fails with PG::InsufficientPrivilege: ERROR: permission denied to create database.

DEPRECATION WARNING: alias_method_chain is deprecated. Please, use Module#prepend instead. From module, you can access the original method using super. (called from require at /opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/runtime.rb:81)
DEPRECATION WARNING: `config.static_cache_control` is deprecated and will be removed in Rails 5.1.
Please use
`config.public_file_server.headers = { 'Cache-Control' => 'public, max-age=31557600' }`
instead.
 (called from block in <top (required)> at /opt/system/config/environments/production.rb:117)
I, [2020-02-17T16:18:31.501774 #1]  INFO -- : ActiveMerchant MODE set to 'production'
W, [2020-02-17T16:18:31.546409 #1]  WARN -- [Bugsnag]: No valid API key has been set, notifications will not be sent
I, [2020-02-17T16:18:31.801477 #1]  INFO -- : [Core] Using http://backend-listener:3000/internal/ as URL
OpenIdAuthentication.store is nil. Using in-memory store.
Creating scope :admins. Overwriting existing method User.admins.
Creating scope :by_name. Overwriting existing method Cinstance.by_name.
[core] non-native log levels verbose, notice, critical emulated using UNKNOWN severity
Backend Internal API version 2.98.0 status: ok
Connected to postgresql://system@system-postgresql/system
Connected to redis://system-redis:6379/1
PG::InsufficientPrivilege: ERROR:  permission denied to create database
: CREATE DATABASE "system" ENCODING = 'utf8'
Couldn't create database for {"adapter"=>"postgresql", "variables"=>{"timezone"=>"UTC"}, "encoding"=>"utf8", "pool"=>5, "username"=>"system", "password"=>"8equfvi2", "database"=>"system", "host"=>"system-postgresql"}
rake aborted!
ActiveRecord::StatementInvalid: PG::InsufficientPrivilege: ERROR:  permission denied to create database
: CREATE DATABASE "system" ENCODING = 'utf8'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/postgresql/database_statements.rb:98:in `async_exec'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/postgresql/database_statements.rb:98:in `block in execute'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/abstract_adapter.rb:590:in `block in log'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activesupport-5.0.7.2/lib/active_support/notifications/instrumenter.rb:21:in `instrument'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/abstract_adapter.rb:583:in `log'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/postgresql/database_statements.rb:97:in `execute'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/postgresql/schema_statements.rb:62:in `create_database'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/postgresql_database_tasks.rb:15:in `create'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:109:in `create'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:129:in `block in create_current'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:295:in `block in each_current_configuration'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:292:in `each'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:292:in `each_current_configuration'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:128:in `create_current'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/railties/databases.rake:27:in `block (2 levels) in <top (required)>'
/opt/system/vendor/bundle/ruby/2.5.0/gems/bugsnag-6.11.1/lib/bugsnag/integrations/rake.rb:18:in `execute_with_bugsnag'
/opt/system/lib/tasks/db.rake:5:in `block (2 levels) in <top (required)>'
/opt/system/vendor/bundle/ruby/2.5.0/gems/bugsnag-6.11.1/lib/bugsnag/integrations/rake.rb:18:in `execute_with_bugsnag'
/opt/system/lib/tasks/openshift.rake:5:in `block (2 levels) in <top (required)>'
/opt/system/vendor/bundle/ruby/2.5.0/gems/bugsnag-6.11.1/lib/bugsnag/integrations/rake.rb:18:in `execute_with_bugsnag'
/opt/system/vendor/bundle/ruby/2.5.0/gems/rake-13.0.1/exe/rake:27:in `<top (required)>'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli/exec.rb:74:in `load'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli/exec.rb:74:in `kernel_load'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli/exec.rb:28:in `run'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli.rb:463:in `exec'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/vendor/thor/lib/thor/invocation.rb:126:in `invoke_command'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/vendor/thor/lib/thor.rb:387:in `dispatch'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli.rb:27:in `dispatch'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/vendor/thor/lib/thor/base.rb:466:in `start'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli.rb:18:in `start'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/exe/bundle:30:in `block in <top (required)>'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/friendly_errors.rb:124:in `with_friendly_errors'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/exe/bundle:22:in `<top (required)>'
/opt/rh/rh-ruby25/root/usr/local/bin/bundle:23:in `load'
/opt/rh/rh-ruby25/root/usr/local/bin/bundle:23:in `<main>'

Caused by:
PG::InsufficientPrivilege: ERROR:  permission denied to create database
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/postgresql/database_statements.rb:98:in `async_exec'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/postgresql/database_statements.rb:98:in `block in execute'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/abstract_adapter.rb:590:in `block in log'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activesupport-5.0.7.2/lib/active_support/notifications/instrumenter.rb:21:in `instrument'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/abstract_adapter.rb:583:in `log'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/postgresql/database_statements.rb:97:in `execute'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/connection_adapters/postgresql/schema_statements.rb:62:in `create_database'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/postgresql_database_tasks.rb:15:in `create'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:109:in `create'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:129:in `block in create_current'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:295:in `block in each_current_configuration'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:292:in `each'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:292:in `each_current_configuration'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/tasks/database_tasks.rb:128:in `create_current'
/opt/system/vendor/bundle/ruby/2.5.0/gems/activerecord-5.0.7.2/lib/active_record/railties/databases.rake:27:in `block (2 levels) in <top (required)>'
/opt/system/vendor/bundle/ruby/2.5.0/gems/bugsnag-6.11.1/lib/bugsnag/integrations/rake.rb:18:in `execute_with_bugsnag'
/opt/system/lib/tasks/db.rake:5:in `block (2 levels) in <top (required)>'
/opt/system/vendor/bundle/ruby/2.5.0/gems/bugsnag-6.11.1/lib/bugsnag/integrations/rake.rb:18:in `execute_with_bugsnag'
/opt/system/lib/tasks/openshift.rake:5:in `block (2 levels) in <top (required)>'
/opt/system/vendor/bundle/ruby/2.5.0/gems/bugsnag-6.11.1/lib/bugsnag/integrations/rake.rb:18:in `execute_with_bugsnag'
/opt/system/vendor/bundle/ruby/2.5.0/gems/rake-13.0.1/exe/rake:27:in `<top (required)>'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli/exec.rb:74:in `load'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli/exec.rb:74:in `kernel_load'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli/exec.rb:28:in `run'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli.rb:463:in `exec'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/vendor/thor/lib/thor/invocation.rb:126:in `invoke_command'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/vendor/thor/lib/thor.rb:387:in `dispatch'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli.rb:27:in `dispatch'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/vendor/thor/lib/thor/base.rb:466:in `start'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/cli.rb:18:in `start'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/exe/bundle:30:in `block in <top (required)>'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/lib/bundler/friendly_errors.rb:124:in `with_friendly_errors'
/opt/rh/rh-ruby25/root/usr/local/share/gems/gems/bundler-1.17.3/exe/bundle:22:in `<top (required)>'
/opt/rh/rh-ruby25/root/usr/local/bin/bundle:23:in `load'
/opt/rh/rh-ruby25/root/usr/local/bin/bundle:23:in `<main>'
Tasks: TOP => db:deploy:setup => db:setup => db:schema:load_if_ruby => db:create
(See full trace by running task with --trace)

db:setup, triggered in the system pre-hook pod as part of the openshift:deploy task, always tries to create the database and we don't handle failures. Zync follows a different approach. Its entry point tries db:setup escaping to db:migrate in case of exit status other than 0. See https://github.com/3scale/zync/blob/6e7ffa355c287d68b72ce6850d315eff5a346efb/.s2i/bin/run#L7

Apart from the permission error, another problem is with the collation setting in the configs. "utf8_bin" is not supported by centos/postgresql-10-centos7 (the image of postgres we use in the upstream). We need to make https://github.com/3scale/porta/blob/431ab13431f57f562f393f7e1440a7770f44813e/openshift/system/config/database.yml#L16 MySQL only.

If we fix the collation issue mentioned above and grant the user with proper permissions to create the database (even though the database is already there), using the command below, deployment succeeds:

$ oc exec -it <system-postgresql-pod> bash

bash-4.2$ psql -U postgres system

system=# ALTER ROLE system WITH createdb;
ALTER ROLE

Dev Notes
Things we need to do:
1. Fix the collation in the database settings for openshift (i.e. make it MySQL only)
2. Workaround db:setup permission errors (perhaps in the fashion zync does)

Details

Description

Attachments

Activity

People

Dates