Project

General

Profile

Actions

Bug #24460

closed

usersessions table creation may fail on postgresql 15 and more

Added by Nicolas CHARLES 8 months ago. Updated 6 months ago.

Status:
Rejected
Priority:
N/A
Assignee:
-
Category:
System integration
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No

Description

Since Postgresql 15, only the database owner can create table
However, it seems that some users (dating from 7.2.5) have the rudder database owned by "postgres" rather than "rudder"
I don't know how it happened, but as a consequence:
  • There is webapp error log
    2024-03-14 16:19:46.646:WARN :oejs.HttpChannel:qtp110992469-19: /rudder/j_spring_security_check
    Exception in thread "zio-fiber-9917" com.normation.errors$SystemError: SystemError(Error when saving session 'node0i5jqqg1dc3kt10qq2y4gg97wk4' info for user 'a545913',org.postgresql.util.PSQLException: ERROR: relation "usersessions" does not exist|  Position: 13)|?at zio.interop.ZioMonadError.raiseError.trace(cats.scala:545)|?at .onError(ApplicativeError.scala:241:0)|?at .guaranteeCase(MonadCancel.scala:375:0)|?at com.normation.rudder.db.Doobie.transactIOResult(Doobie.scala:92)|?at com.normation.rudder.users.JdbcUserRepository.logStartSession(UserRepository.scala:581)|?at com.normation.zio.ZioRuntime.unsafeRun(ZioCommons.scala:445)
            at zio.interop.ZioMonadError.raiseError.trace(cats.scala:545)
            at .onError(ApplicativeError.scala:241:0)
            at .guaranteeCase(MonadCancel.scala:375:0)
            at com.normation.rudder.db.Doobie.transactIOResult(Doobie.scala:92)
            at com.normation.rudder.users.JdbcUserRepository.logStartSession(UserRepository.scala:581)
            at com.normation.zio.ZioRuntime.unsafeRun(ZioCommons.scala:445)
    
  • when the webapp starts, there is the following message
    [2024-03-14 16:01:49+0100] ERROR bootchecks - Error when trying to create user tables: SystemError: Error with 'Users' table creation; cause was: org.postgresql.util.PSQLException: ERROR: permission denied for schema public
    
  • the postgresql information is
    rudder=# \l rudder
                                                  List of databases
      Name  |  Owner   | Encoding |   Collate   |    Ctype    | ICU Locale | Locale Provider | Access privileges
    --------+----------+----------+-------------+-------------+------------+-----------------+-------------------
     rudder | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 |            | libc            |
    (1 row)
    

we should ensure the ownership of the database to rudder

Actions #1

Updated by Nicolas CHARLES 8 months ago

  • Regression changed from No to Yes
Actions #2

Updated by François ARMAND 8 months ago

If the known connection doesn't have the rights to create tables, then we can't do much from Rudder.
We might forbid rudder to start, but I'm not sure it's better: at least if it starts, nodes & repports can work until the user see how to correct the right problem.

I don't think it's a regression: we never supported the case where we can't create table for migration.

Actions #3

Updated by Nicolas CHARLES 8 months ago

  • Regression changed from Yes to No
Actions #4

Updated by Vincent MEMBRÉ 7 months ago

  • Target version changed from 7.3.14 to 7.3.15
Actions #5

Updated by Nicolas CHARLES 6 months ago

  • Status changed from New to Rejected
Actions

Also available in: Atom PDF