5.0.5 AIO Permission-Related Installation Issues

Description

Reported by customer c478:

Customer reported an AIO installation failure:

While running "cfy_manager install", we encountered "2020-02-18 18:56:01,507 - [MAIN] - ERROR - ProcessExecutionError: Failed running command: sudo -E -u postgres /usr/bin/psql -t -X -c SELECT COUNT FROM managers where hostname='zldcmtn23aecc1d41mngr01' (could not change directory to "/home/REDACTED": Permission denied
ERROR: relation "managers" does not exist
LINE 1: SELECT COUNT FROM managers where hostname='zldcmtn23aecc1...

We had a Zoom session and started with a fresh VM. We encountered the following error during installation:

2020-02-19 15:10:12,151 - [MAIN] - ERROR - InitializationError: Status reporter is not installed, path does not exist: /opt/status-reporter/status_reporter_configuration.yaml

The customer advised they had manually fixed that earlier and continued. We did the same and ran into the same database error. Permissions issues, specifically umask = 0027, resulted in the database not being configured.

Should be easily reproducable with umask 0027.

Steps to Reproduce

Environment:
OS (CLI), HA cluster, cloud provider
------------------------------------

Steps to reproduce:
------------------
1.
2.
3.

Expected result:
---------------

Actual result:
-------------

Why Propose Close?

None

Activity

Show:
Eve Land
February 19, 2020, 5:58 PM

Workaround:

  1. new VM

  2. sudo usermod -aG wheel,adm,systemd-journal <INSTALL-USER>

  3. logout and back in

  4. proceed with normal installation

 

geokala
February 20, 2020, 9:23 AM

Update: This isn’t a umask issue, instead it’s an issue with us assuming the installation user will be a member of the adm group and still expecting os.path.exists to work when the user isn’t.

This can be fixed by making the check for file existence use sudo instead of the python stdlib.

geokala
March 2, 2020, 10:52 AM

We determined that there are two workarounds for 5.0.5:

  1. Make sure the installation user is a member of the adm group.

  2. Run the install using sudo.

The second approach makes cfy not work as the installation user unless the profile is manually copied or created afterwards, but the manager itself works without issue.

 

geokala
March 2, 2020, 12:08 PM

Fix has been merged to master, will be tested after the next automatic build.

geokala
March 18, 2020, 9:01 AM

Tested with no adm group membership and confirmed working.

Assignee

geokala

Reporter

Eve Land

Labels

Severity

High

Target Version

unscrubed

Premium Only

yes

Found In Version

5.0.5

QA Owner

None

Bug Type

unknown

Customer Encountered

Yes

Customer Name

None

Release Notes

yes

Priority

None

Epic Link

Priority

Unprioritized
Configure