Uploaded image for project: 'Okapi'
  1. Okapi
  2. OKAPI-967

Clustered Okapi not allowing bootstrapping of superuser

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: TBD
    • Resolution: Done
    • Affects Version/s: 4.4.0, 4.5.0, 4.5.1
    • Fix Version/s: 4.4.2, 4.5.2, 4.6.0
    • Environment:

      Multi-node K8s cluster backed by vSphere
      Dedicated and separate Postgres 11 database hosts for Okapi and Folio modules
      Dockerized Okapi v4.5.0 and/or v4.5.1

    • Template:
      Standard Bug Write-Up Format
    • Sprint:
      CP: sprint 103, CP: sprint 104
    • Story Points:
      1
    • Development Team:
      Core: Platform
    • Affected Institution:
      TAMU

      Description

      When Okapi is running in clustered mode, and has more than 1 running container forming a cluster, the bootstrapping of a superuser fails. It appears that mod-authtoken either doesn't disable for the tenant fast enough, or something is cached in the shared memory map between the Okapis.

      Slack convo here: https://folio-project.slack.com/archives/C58TABALV/p1607647573063900

      Bootstrap superuser K8s Job log:

      Finding module ID for authtoken...OK
      Disabling authtoken for tenant...OK
      Disabled:
      [ {
        "id" : "folio_stripes-core-6.0.0",
        "action" : "disable"
      }, {
        "id" : "folio_tenant-settings-5.0.1",
        "action" : "disable"
      }, {
        "id" : "mod-login-saml-2.0.1",
        "action" : "disable"
      }, {
        "id" : "folio_users-5.0.9",
        "action" : "disable"
      }, {
        "id" : "mod-users-bl-6.1.1",
        "action" : "disable"
      }, {
        "id" : "mod-authtoken-2.6.0",
        "action" : "disable"
      } ]
      Creating user record...OK
      Creating login record...403 Forbidden
      

      mod-permissions logs:

      Dec 11, 2020 12:48:51 AM mod-auth-authtoken-module
      SEVERE: [](user permissions) nor [](module permissions) do not contain login.item.post
      Dec 11, 2020 12:48:51 AM mod-auth-authtoken-module
      SEVERE: Access requires permission: login.item.post
      Dec 11, 2020 12:49:33 AM mod-auth-authtoken-module
      SEVERE: [](user permissions) nor [](module permissions) do not contain configuration.entries.collection.get
      Dec 11, 2020 12:49:33 AM mod-auth-authtoken-module
      SEVERE: Access requires permission: configuration.entries.collection.get
      Dec 11, 2020 12:49:33 AM mod-auth-authtoken-module
      SEVERE: [](user permissions) nor [](module permissions) do not contain configuration.entries.collection.get
      Dec 11, 2020 12:49:33 AM mod-auth-authtoken-module
      SEVERE: Access requires permission: configuration.entries.collection.get
      Dec 11, 2020 12:49:33 AM mod-auth-authtoken-module
      SEVERE: [](user permissions) nor [](module permissions) do not contain configuration.entries.collection.get
      Dec 11, 2020 12:49:33 AM mod-auth-authtoken-module
      SEVERE: Access requires permission: configuration.entries.collection.get
      Dec 11, 2020 12:49:33 AM mod-auth-authtoken-module
      SEVERE: [](user permissions) nor [](module permissions) do not contain configuration.entries.collection.get
      Dec 11, 2020 12:49:33 AM mod-auth-authtoken-module
      SEVERE: Access requires permission: configuration.entries.collection.get
      Dec 11, 2020 12:50:33 AM mod-auth-authtoken-module
      SEVERE: [](user permissions) nor [](module permissions) do not contain configuration.entries.collection.get
      Dec 11, 2020 12:50:33 AM mod-auth-authtoken-module
      SEVERE: Access requires permission: configuration.entries.collection.get
      Dec 11, 2020 12:50:33 AM mod-auth-authtoken-module
      SEVERE: [](user permissions) nor [](module permissions) do not contain configuration.entries.collection.get
      Dec 11, 2020 12:50:33 AM mod-auth-authtoken-module
      SEVERE: Access requires permission: configuration.entries.collection.get
      Dec 11, 2020 12:50:33 AM mod-auth-authtoken-module
      SEVERE: [](user permissions) nor [](module permissions) do not contain configuration.entries.collection.get
      Dec 11, 2020 12:50:33 AM mod-auth-authtoken-module
      SEVERE: Access requires permission: configuration.entries.collection.get
      Dec 11, 2020 12:51:33 AM mod-auth-authtoken-module
      SEVERE: [](user permissions) nor [](module permissions) do not contain configuration.entries.collection.get
      Dec 11, 2020 12:51:33 AM mod-auth-authtoken-module
      SEVERE: Access requires permission: configuration.entries.collection.get
      Dec 11, 2020 12:51:33 AM mod-auth-authtoken-module
      SEVERE: [](user permissions) nor [](module permissions) do not contain configuration.entries.collection.get
      Dec 11, 2020 12:51:33 AM mod-auth-authtoken-module
      SEVERE: Access requires permission: configuration.entries.collection.get
      Dec 11, 2020 12:51:33 AM mod-auth-authtoken-module
      SEVERE: [](user permissions) nor [](module permissions) do not contain configuration.entries.collection.get
      Dec 11, 2020 12:51:33 AM mod-auth-authtoken-module
      SEVERE: Access requires permission: configuration.entries.collection.get
      Dec 11, 2020 12:51:33 AM mod-auth-authtoken-module
      SEVERE: [](user permissions) nor [](module permissions) do not contain configuration.entries.collection.get
      Dec 11, 2020 12:51:33 AM mod-auth-authtoken-module
      SEVERE: Access requires permission: configuration.entries.collection.get
      

      After spinning Okapi down to 1, re-enabling the modules that were disabled by the bootstrap superuser script, I then ran it again with a new userid. It was successful. Spinning up to 3, running with yet another userid, it failed again.

        TestRail: Results

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                adam Adam Dickmeiss
                Reporter:
                jroot Jason Root
                Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:

                    TestRail: Runs

                      TestRail: Cases