Page MenuHomePhabricator
Create Task
Maniphest T296550

puppetdb postgress server: fix dependcey loop
Closed, ResolvedPublic
Actions

Description

in profile::puppetdb::database we have the following dependency: Postgresql::User<| |> -> Postgresql::Db<| |>. however this causes an unrecoverable loop where the users cant be created as the user resource also tries to grant permissions to a specific database. however the db dosn;t exists leading to the following puppet output

Notice: /Stage[main]/Puppet_compiler/Exec[install compiler]: Triggered 'refresh' from 1 event
Notice: /Stage[main]/Profile::Puppetdb::Database/Postgresql::User[puppetdb_ro@localhost]/Postgresql::Db_grant[grant access to puppetdb_ro@localhost on puppetdb]/Exec[db_grant: exec table grants grant access to puppetdb_ro@localhost on puppetdb]/returns: psql: FATAL:  database "puppetdb" does not exist
Error: '/usr/bin/psql --tuples-only --no-align  -c 'GRANT SELECT ON ALL TABLES IN SCHEMA "public" TO puppetdb_ro' puppetdb' returned 2 instead of one of [0]
Error: /Stage[main]/Profile::Puppetdb::Database/Postgresql::User[puppetdb_ro@localhost]/Postgresql::Db_grant[grant access to puppetdb_ro@localhost on puppetdb]/Exec[db_grant: exec table grants grant access to puppetdb_ro@localhost on puppetdb]/returns: change from 'notrun' to ['0'] failed: '/usr/bin/psql --tuples-only --no-align  -c 'GRANT SELECT ON ALL TABLES IN SCHEMA "public" TO puppetdb_ro' puppetdb' returned 2 instead of one of [0] (corrective)
Notice: /Stage[main]/Profile::Puppetdb::Database/Postgresql::User[puppetdb_ro@localhost]/Postgresql::Db_grant[grant access to puppetdb_ro@localhost on puppetdb]/Exec[db_grant: exec sequence grants grant access to puppetdb_ro@localhost on puppetdb]/returns: psql: FATAL:  database "puppetdb" does not exist
Error: '/usr/bin/psql --tuples-only --no-align  -c 'GRANT USAGE ON ALL SEQUENCES IN SCHEMA "public" TO puppetdb_ro' puppetdb' returned 2 instead of one of [0]
Error: /Stage[main]/Profile::Puppetdb::Database/Postgresql::User[puppetdb_ro@localhost]/Postgresql::Db_grant[grant access to puppetdb_ro@localhost on puppetdb]/Exec[db_grant: exec sequence grants grant access to puppetdb_ro@localhost on puppetdb]/returns: change from 'notrun' to ['0'] failed: '/usr/bin/psql --tuples-only --no-align  -c 'GRANT USAGE ON ALL SEQUENCES IN SCHEMA "public" TO puppetdb_ro' puppetdb' returned 2 instead of one of [0] (corrective)
Notice: /Stage[main]/Profile::Puppetdb::Database/Postgresql::User[puppetdb_ro@localhost]/Postgresql::Db_grant[grant access to puppetdb_ro@localhost on puppetdb]/Exec[db_grant: exec function grants grant access to puppetdb_ro@localhost on puppetdb]/returns: psql: FATAL:  database "puppetdb" does not exist
Error: '/usr/bin/psql --tuples-only --no-align  -c 'GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA "public" TO puppetdb_ro' puppetdb' returned 2 instead of one of [0]
Error: /Stage[main]/Profile::Puppetdb::Database/Postgresql::User[puppetdb_ro@localhost]/Postgresql::Db_grant[grant access to puppetdb_ro@localhost on puppetdb]/Exec[db_grant: exec function grants grant access to puppetdb_ro@localhost on puppetdb]/returns: change from 'notrun' to ['0'] failed: '/usr/bin/psql --tuples-only --no-align  -c 'GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA "public" TO puppetdb_ro' puppetdb' returned 2 instead of one of [0] (corrective)

which is cause by the following error

 sudo -u postgres /usr/bin/psql --tuples-only --no-align  -c 'GRANT SELECT ON ALL TABLES IN SCHEMA "public" TO puppetdb_ro' puppetdb
psql: FATAL:  database "puppetdb" does not exist

As a quick fix i manully ran

$ sudo systemctl restart postgres
$ sudo -u postgres /usr/bin/createdb --owner='puppetdb' puppetdb

Details

SubjectRepoBranchLines +/-
puppetdb: create dbs before grantsoperations/puppetproduction+2 -2
Customize query in gerrit

Related Objects

Event Timeline

jbond triaged this task as Medium priority.Nov 26 2021, 4:23 PM
jbond created this task.
Restricted Application added a project: Infrastructure-Foundations. · View Herald TranscriptNov 26 2021, 4:23 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
jbond updated the task description. (Show Details)Nov 26 2021, 4:24 PM
jbond updated the task description. (Show Details)Dec 10 2021, 12:51 PM
gerritbot added a comment.May 27 2022, 8:44 AM

Change 800031 had a related patch set uploaded (by Filippo Giunchedi; author: Filippo Giunchedi):

[operations/puppet@production] puppetdb: create dbs before grants

https://gerrit.wikimedia.org/r/800031

gerritbot added a project: Patch-For-Review.May 27 2022, 8:44 AM
jbond added a comment.May 27 2022, 9:37 AM

With filippos latest patch the only outstanding error is

May 27 08:10:10 filippo-pdb-01 puppet-agent[17242]: (/Stage[main]/Postgresql::Server/Exec[pgreload]/returns) pg_ctl: directory "/srv/postgres/11/main" is not a database cluster directory
May 27 08:10:10 filippo-pdb-01 puppet-agent[17242]: (/Stage[main]/Postgresql::Server/Exec[pgreload]) Failed to call refresh: '/usr/bin/pg_ctlcluster 11 main reload' returned 1 instead of one of [0]

see P28628

gerritbot added a comment.May 30 2022, 7:40 AM

Change 800031 merged by Filippo Giunchedi:

[operations/puppet@production] puppetdb: create dbs before grants

https://gerrit.wikimedia.org/r/800031

Maintenance_bot removed a project: Patch-For-Review.May 30 2022, 8:30 AM
jbond edited projects, added Puppet-Infrastructure, Maps, PostgreSQL; removed Puppet.Jun 12 2023, 5:25 PM
jbond added a subscriber: hnowlan.

@hnowlan fyi there may be some of this going on im not sure

jhathaway claimed this task.Nov 20 2023, 4:05 PM
jhathaway closed this task as Resolved.Nov 20 2023, 10:00 PM
jhathaway added a subscriber: fgiunchedi.

In my testing this has been resolved by @fgiunchedi's patch

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL