Project

Profile

Help

Issue #467

closed

pulp-admin node sync command can only be called by root

Added by jortel@redhat.com about 9 years ago. Updated over 4 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
3. High
Version:
2.4 Beta
Platform Release:
2.6.0
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

Description of problem:

pulp-admin node sync command can only be called by root because the command imports a constant from a module that reads /etc/pulp/server.conf. Running as non-root user raises permission-denied.

Version-Release number of selected component (if applicable):

2.4.0-0.23.beta

How reproducible:

Always.

Steps to Reproduce:
1. Run pulp-admin node sync ...
2.
3.

Actual results:

permission denied reading /etc/pulp/server.conf.

Expected results:

No errors.

Additional info:

+ This bug was cloned from Bugzilla Bug #1116040 +

Actions #1

Updated by jortel@redhat.com about 9 years ago

The easiest fix for this is to move PRIMARY_ID to constants.py and have all modules import from there.

+ This comment was cloned from Bugzilla #1116040 comment 1 +

Actions #2

Updated by mhrivnak about 9 years ago

The best fix is for the offending module to not read a config file at import time, but that is likely a longer-term fix.

+ This comment was cloned from Bugzilla #1116040 comment 2 +

Actions #3

Updated by rbarlow about 9 years ago

I think there's something else really important to note here: pulp-admin can't be assumed to have an /etc/pulp/server.conf on the machine it is running on. Remember that pulp-admin connects over the REST API, so it's not necessarily on a machine that has pulp-server installed. Also, even if it does have a server.conf, that's no guarantee that it's the same server.conf for the server that pulp-admin is connecting to.

+ This comment was cloned from Bugzilla #1116040 comment 3 +

Actions #4

Updated by jortel@redhat.com about 9 years ago

Two things need to happen here:
1. PRIMARY_ID to constants.py as suggested in #1.
2. Fix server/config.py

Number 2 should be a separate BZ.

+ This comment was cloned from Bugzilla #1116040 comment 4 +

Actions #5

Updated by jortel@redhat.com about 9 years ago

Bug opened against server/config.py https://bugzilla.redhat.com/show_bug.cgi?id=1160369.

+ This comment was cloned from Bugzilla #1116040 comment 5 +

Actions #6

Updated by cduryee about 9 years ago

The fix for issue #1 in comment 4 is merged to 2.5-dev and master. Marking BZ as MODIFIED since issue #2 has its own BZ now.

+ This comment was cloned from Bugzilla #1116040 comment 6 +

Actions #7

Updated by cduryee about 9 years ago

fixed in pulp 2.6.0-0.2.beta

+ This comment was cloned from Bugzilla #1116040 comment 7 +

Actions #8

Updated by igulina@redhat.com about 9 years ago

On parent:

rpm -qa pulp-server

pulp-server-2.6.0-0.2.beta.el6.noarch

[ec2-user@host ~]$ pulp-admin rpm repo create --repo-id gatto --feed https://repos.fedorapeople.org/repos/pulp/pulp/demo_repos/zoo/cat-1.0-1.noarch.rpm

Successfully created repository [gatto]

[ec2-user@host ~]$ pulp-admin node repo enable --repo-id gatto

Repository enabled.

Note: Repository [ gatto ] will not be available for node synchronization until published. See: the 'node repo publish' command.

Warning: enabling with auto-publish may degrade repository synchronization
performance.

[ec2-user@host ~]$ pulp-admin node repo publish --repo-id gatto

This command may be exited via ctrl+c without affecting the request.

[\]
Running...

Publish succeeded.

[ec2-user@host ~]$ pulp-admin node bind --node-id zoo --repo-id gatto

Node bind succeeded.

Note: Repository [ gatto ] will be included in node synchronization.

[ec2-user@host ~]$ pulp-admin node sync run --node-id zoo

This command may be exited via ctrl+c without affecting the request.

(1/2) Repository: gatto
[==================================================] 100%

Synchronization succeeded

--------------------------------------------------------------------
Child Node Synchronization
--------------------------------------------------------------------

Repository:
Action: Added
Content Sources:
Downloads:
Total Sources: 0
Id: gatto
Units:
Added: 0
Removed: 0
Updated: 0

On child:

find /var/lib/pulp/ -name "*.rpm"

/var/lib/pulp/published/yum/https/repos/repos/pulp/pulp/demo_repos/zoo/cat-1.0-1.noarch.rpm

+ This comment was cloned from Bugzilla #1116040 comment 8 +

Actions #9

Updated by bmbouter almost 9 years ago

  • Severity changed from High to 3. High
Actions #10

Updated by rbarlow almost 9 years ago

  • Status changed from 6 to CLOSED - CURRENTRELEASE
Actions #12

Updated by bmbouter almost 5 years ago

  • Tags Pulp 2 added
Actions #13

Updated by matthummel over 4 years ago

  • File clipboard-201908051623-cjjyq.png added
Actions #14

Updated by bmbouter over 4 years ago

  • File deleted (clipboard-201908051623-cjjyq.png)

Also available in: Atom PDF