Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backup hotfix script #15260

Merged
merged 36 commits into from
Jun 10, 2024
Merged

Backup hotfix script #15260

merged 36 commits into from
Jun 10, 2024

Conversation

jbradberry
Copy link
Contributor

@jbradberry jbradberry commented Jun 7, 2024
edited
Loading

SUMMARY

This PR moves the hotfix script for the backup/restore Role cross-linking problem into AWX.

The role_check.py script has already been used by several customers.

Also, QE is working on a pipeline that makes use of it in testing. @jay-steurer

ISSUE TYPE
  • Bug, Docs Fix or other nominal change
COMPONENT NAME
  • API

@jbradberry
Initial check
2ddef34
@jbradberry
Print out details of all of the crosslinked roles
365f798
@jbradberry
Specifically examine the InstanceGroup roles
052b1da
@jbradberry
First full check script
1c8be2c 
This version emits the first fix-up script as its output.
@jbradberry
Attempt to be more efficient about grouping the content types
689b9f3 
Also, attempt to rebuild the role ancestors in the fixup script.
@jbradberry
When checking reverse links, treat duplicate Roles different from bad…
08da0a6 
… ones

Also, null out the generic foreign key on orphaned roles before deleting.
@jbradberry
Set up Seth's bad role scenario
ce9368d
@jbradberry
Set up an enhanced version of Seth's bad role scenario
1e0d5b1
@jbradberry
Treat resources with null role fks differently
1401be7 
The underlying role should be re-linked, instead of treated as orphaned.
@jbradberry
Start a new script that can be used to examine a Role's ancestry
73025f3
@jbradberry
Make the role_chain.py script emit a Graphviz file
3e4bdb1 
of the Role relationships.
@jbradberry
Check for a broken ContentType -> model and log and skip
8068a32 
Apparently this has happened to a customer, per Nate Becker.
@jbradberry
Graph out only the parent/child chains from a given Role
e76a0ad 
Doing the entire graph is too much on any system with real amounts of Roles.
@jbradberry
Handle the case where a resource points to a Role which isn't in the db
08b4676
@jbradberry
Set up a scenario where IG.use_role_id points to something no longer …
d43946e 
…there

This is actually happening for one customer, though it seems like it
shouldn't be if the foreign key constraint is set back up properly.
In order to recreate it, I had to add the constraint back with 'NOT
VALID' added on to prevent the check.
@jbradberry
First cut at checking the role hierarchy
c45bcb7 
Checking if parents and implicit_parents are consistent with ancestors.
@jbradberry
Attempt to more thoroughly check the parents of each Role
e4d1053 
This version, however, has false positives because Roles become
children of Team.member_role when a Role is granted to a Team.
@jbradberry
Exclude the team grant false positives
923311d 
The results in my test now look correct.
@jbradberry
Modify the role parent check logic to stay in the roles as much as po…
c2dcbf8 
…ssible

since the foreign keys to the roles from the resources can make us go
wrong almost immediately.
@jbradberry
Exclude more files in the .gitignore
804faf2
@jbradberry
Attempt to correct any crosslinked parents
1c4ddf5 
I think that rebuild_role_ancestor_list() will then correctly update
all of the affected Role.ancestors.
@jbradberry
Remove the role_chain.py module
4428484 
it wound up being unworkable, and I think ultimately we only need to
check the immediate parentage of each role.
@jbradberry
Move the "test" files into their own directory
a790c9c
@jbradberry
First cut at detecting which foreign keys enter and exit the topology…
6154aa1 
… tables
@jbradberry
Filter out the relations within the known topology tables
3553443
@jbradberry
Split the foreign key sql script into an 'into' and 'from' portion
dbdfa74 
Also, make use of up-front defined arrays of the tables involved, for
ease of editing in the future.
@jbradberry
Adjusted foreignkeys.sql for correctness
70dfe3a 
Some relationships known to be handled by the special mapping sql file
were being caught as false positives.
@jbradberry
Fix another instance where a bad resource->Role fk could throw a trac…
d3df2d4 
…eback
@jbradberry
Add a readme file with instructions
94f1718
@jbradberry
Do not throw away the container of cross-linked parents
ec6a0aa 
Since we use it twice, the second time to get the id field of each.
@jbradberry jbradberry self-assigned this Jun 7, 2024
@jbradberry jbradberry merged commit aadcc21 into ansible:devel Jun 10, 2024
22 checks passed
@jbradberry jbradberry deleted the backup-hotfix branch June 10, 2024 20:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fosterseth fosterseth fosterseth approved these changes

@chrismeyersfsu chrismeyersfsu Awaiting requested review from chrismeyersfsu

@AlanCoding AlanCoding Awaiting requested review from AlanCoding

@jay-steurer jay-steurer Awaiting requested review from jay-steurer

Assignees

@jbradberry jbradberry

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jbradberry @fosterseth