-
Notifications
You must be signed in to change notification settings - Fork 136
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes #37883 - halt if remote DB does not own EVR #984
Fixes #37883 - halt if remote DB does not own EVR #984
Conversation
To-do: skip the entire hook if the database is local. |
696bcf1
to
01803e4
Compare
01803e4
to
174cb40
Compare
Tested and I see the proper error message:
I ran (at least I think I ran) the recommended update I tested this using some new Forklift code to make it easier (theforeman/forklift#1871). This is needed locally to get all the PRs:
|
From discussion with @ianballou, a check that evr extension will be added to this hook since for fresh installations the EVR extension would not be expected to have been installed. |
174cb40
to
308b53b
Compare
@ehelms I fixed up the PR, it should be okay now. I haven't tested it yet for nil outputs, but the nil check there should do the trick. |
@ianballou Can you fix up the rubocop issue? |
308b53b
to
d2ee8f5
Compare
We should also add a similar check to foreman-maintain to test the ownership before upgrading for the best user experience. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
At least the logging of the password needs to be addressed.
d2ee8f5
to
e37efb5
Compare
@ekohl I believe I've addressed all of your comments. I had to move some methods around to use them in both this hook and the database reset one. |
e37efb5
to
ea941fd
Compare
I consider not having this check a blocker, TBH. |
ea941fd
to
60b31b8
Compare
5aae8d8
to
3c6ef7e
Compare
I realized that we don't need to check the |
Foreman maintain side: theforeman/foreman_maintain#953 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should be squashed
@@ -0,0 +1,38 @@ | |||
# Managed databases will be handled automatically. | |||
return if local_postgresql? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can't return outside of a function and it broke nightly pipelines
[2024-11-20T22:10:35.810Z] /usr/share/foreman-installer/hooks/pre_commit/42-evr_extension_permissions.rb:2:in `block (4 levels) in load': unexpected return (LocalJumpError)
[2024-11-20T22:10:35.810Z] from /usr/share/gems/gems/kafo-7.6.0/lib/kafo/hooking.rb:36:in `instance_eval'
[2024-11-20T22:10:35.810Z] from /usr/share/gems/gems/kafo-7.6.0/lib/kafo/hooking.rb:36:in `block (4 levels) in load'
[2024-11-20T22:10:35.810Z] from /usr/share/gems/gems/kafo-7.6.0/lib/kafo/hook_context.rb:19:in `instance_eval'
[2024-11-20T22:10:35.810Z] from /usr/share/gems/gems/kafo-7.6.0/lib/kafo/hook_context.rb:19:in `execute'
[2024-11-20T22:10:35.810Z] from /usr/share/gems/gems/kafo-7.6.0/lib/kafo/hooking.rb:67:in `block in execute'
[2024-11-20T22:10:35.810Z] from /usr/share/gems/gems/kafo-7.6.0/lib/kafo/hooking.rb:65:in `each'
[2024-11-20T22:10:35.810Z] from /usr/share/gems/gems/kafo-7.6.0/lib/kafo/hooking.rb:65:in `execute'
[2024-11-20T22:10:35.810Z] from /usr/share/gems/gems/kafo-7.6.0/lib/kafo/kafo_configure.rb:219:in `execute'
[2024-11-20T22:10:35.810Z] from /usr/share/gems/gems/clamp-1.3.2/lib/clamp/command.rb:66:in `run'
[2024-11-20T22:10:35.810Z] from /usr/share/gems/gems/kafo-7.6.0/lib/kafo/kafo_configure.rb:184:in `run'
[2024-11-20T22:10:35.810Z] from /usr/share/gems/gems/clamp-1.3.2/lib/clamp/command.rb:140:in `run'
[2024-11-20T22:10:35.810Z] from /usr/share/gems/gems/kafo-7.6.0/lib/kafo/kafo_configure.rb:54:in `run'
[2024-11-20T22:10:35.810Z] from /sbin/foreman-installer:8:in `<main>'
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe this will solve it: #999
Checks if the
postgres
user owns theevr
extension. If it does, halt the foreman-installer and report an error with the command to run to fix the permissions.Also check if
postgres
is the foreman DB owner. In that case, don't do anything because the migration will succeed.There's no provision if the admin user is called something other than postgres. Should there be?