Skip to content

GitLab

  • Menu
    • Projects Groups Snippets
      Help
Projects Groups Snippets
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • G gitlabhq1
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 21
    • Issues 21
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 12
    • Merge requests 12
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Packages & Registries
    • Packages & Registries
    • Package Registry
    • Infrastructure Registry
  • Analytics
    • Analytics
    • CI/CD
    • Repository
    • Value stream
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • gpt
  • large_projects
  • gitlabhq1
  • Issues
  • #8292

Closed
Open
Created 10 years ago by Administrator@rootOwner
  • New issue

  • Report abuse

  • New issue

  • Report abuse

During restore of gitlab-7.4.3-omnibus: "ERROR: must be owner of extension plpgsql"

Closed

During restore of gitlab-7.4.3-omnibus: "ERROR: must be owner of extension plpgsql"

Created by: ghost

I'm attempting to migrate an Omnibus GitLab 7.4.3 hosted on CentOS6 to another CentOS6 machine, using backup and restore. The source instance runs "gitlab-rake gitlab:backup:create" every night, and I copied the resulting tarball to the freshly installed destination instance, where I then tried:

gitlab-rake gitlab:backup:restore BACKUP=1415689405

This results in one error, and several warnings. The error comes right at the start:

Unpacking backup ... done
Restoring database ...
Restoring PostgreSQL database gitlabhq_production ... SET
SET
SET
SET
SET
CREATE EXTENSION
psql:/var/opt/gitlab/backups/db/database.sql:22: ERROR:  must be owner of extension plpgsql

but this does not seem immediately fatal, it continues with printing database statements (why are these echo'd anyway?):

SET
CREATE SEQUENCE
ALTER TABLE
[...]

This goes on for some time, and after a while it prints these warnings:

[...]
ALTER TABLE
psql:/var/opt/gitlab/backups/db/database.sql:15761: WARNING:  no privileges could be revoked for "public"
REVOKE
psql:/var/opt/gitlab/backups/db/database.sql:15762: WARNING:  no privileges could be revoked for "public"
REVOKE
psql:/var/opt/gitlab/backups/db/database.sql:15763: WARNING:  no privileges were granted for "public"
GRANT
psql:/var/opt/gitlab/backups/db/database.sql:15764: WARNING:  no privileges were granted for "public"
GRANT
[DONE]

I saw something that looked like the "must be owner" error in #6067 (closed), but that issue appears to have been closed due to a timeout, without a real resolution.

Any idea whether the restored instance will now have a correct database? The line 22 about which the error is reported just has:

COMMENT ON EXTENSION plpgsql IS 'PL/pgSQL procedural language';

while lines 15761 through 15764 are:

REVOKE ALL ON SCHEMA public FROM PUBLIC;
REVOKE ALL ON SCHEMA public FROM "gitlab-psql";
GRANT ALL ON SCHEMA public TO "gitlab-psql";
GRANT ALL ON SCHEMA public TO PUBLIC;

Linked issues
0

Related merge requests

  • Administrator
    Administrator @root · 10 years ago
    Owner

    Created by: ghost

    The error about the plpgsql extension seems to be correct indeed, since the extension is created via /opt/gitlab/embedded/service/gitlab-rails/db/schema.rb, and I suppose the whole schema setup is run as the PostgreSQL superuser (e.g. gitlab-psql).

    If I run a restore operation from the created database dump as the gitlab-psql user, it works without any error or warning (note that I added the --clean option to pg_dump to ensure the tables are dropped before restoring):

    $ whoami
    gitlab-psql
    $ pg_dump -f test.sql --clean gitlabhq_production
    $ ls -l test.sql
    -rw-rw-r--. 1 gitlab-psql gitlab-psql 10257229 Nov 15 17:07 test.sql
    $ psql -f test.sql gitlabhq_production
    SET
    SET
    SET
    SET
    SET
    SET
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    DROP TABLE
    DROP SEQUENCE
    DROP TABLE
    DROP SEQUENCE
    DROP TABLE
    DROP SEQUENCE
    DROP TABLE
    DROP SEQUENCE
    DROP TABLE
    DROP SEQUENCE
    DROP TABLE
    DROP SEQUENCE
    DROP TABLE
    DROP SEQUENCE
    DROP TABLE
    DROP TABLE
    DROP SEQUENCE
    DROP TABLE
    DROP SEQUENCE
    DROP TABLE
    DROP SEQUENCE
    DROP TABLE
    DROP SEQUENCE
    DROP TABLE
    DROP SEQUENCE
    DROP TABLE
    DROP SEQUENCE
    DROP TABLE
    DROP SEQUENCE
    DROP TABLE
    DROP SEQUENCE
    DROP TABLE
    DROP SEQUENCE
    DROP TABLE
    DROP SEQUENCE
    DROP TABLE
    DROP SEQUENCE
    DROP TABLE
    DROP SEQUENCE
    DROP TABLE
    DROP SEQUENCE
    DROP TABLE
    DROP SEQUENCE
    DROP TABLE
    DROP SEQUENCE
    DROP TABLE
    DROP SEQUENCE
    DROP TABLE
    DROP SEQUENCE
    DROP EXTENSION
    DROP SCHEMA
    CREATE SCHEMA
    ALTER SCHEMA
    COMMENT
    CREATE EXTENSION
    COMMENT
    SET
    CREATE SEQUENCE
    ALTER TABLE
    SET
    SET
    CREATE TABLE
    ALTER TABLE
    CREATE SEQUENCE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
    CREATE SEQUENCE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
    CREATE SEQUENCE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
    CREATE SEQUENCE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
    CREATE SEQUENCE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
    CREATE SEQUENCE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
    CREATE SEQUENCE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
    CREATE SEQUENCE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
    CREATE SEQUENCE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
    CREATE SEQUENCE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
    CREATE SEQUENCE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
    CREATE SEQUENCE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
    CREATE SEQUENCE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
    CREATE SEQUENCE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
    CREATE SEQUENCE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
    CREATE SEQUENCE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
    CREATE SEQUENCE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
    CREATE SEQUENCE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
    CREATE SEQUENCE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
    CREATE SEQUENCE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
    CREATE SEQUENCE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
    CREATE SEQUENCE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
    CREATE SEQUENCE
    ALTER TABLE
    CREATE TABLE
    ALTER TABLE
     setval
    --------
          1
    (1 row)
    
     setval
    --------
          3
    (1 row)
    
     setval
    --------
          2
    (1 row)
    
     setval
    --------
      14777
    (1 row)
    
     setval
    --------
          1
    (1 row)
    
     setval
    --------
          1
    (1 row)
    
     setval
    --------
        188
    (1 row)
    
     setval
    --------
          1
    (1 row)
    
     setval
    --------
          1
    (1 row)
    
     setval
    --------
       1935
    (1 row)
    
     setval
    --------
          8
    (1 row)
    
     setval
    --------
         10
    (1 row)
    
     setval
    --------
          1
    (1 row)
    
     setval
    --------
         73
    (1 row)
    
     setval
    --------
        203
    (1 row)
    
     setval
    --------
        139
    (1 row)
    
     setval
    --------
          9
    (1 row)
    
     setval
    --------
         78
    (1 row)
    
     setval
    --------
          4
    (1 row)
    
     setval
    --------
          1
    (1 row)
    
     setval
    --------
          1
    (1 row)
    
     setval
    --------
         68
    (1 row)
    
     setval
    --------
          2
    (1 row)
    
     setval
    --------
         58
    (1 row)
    
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    ALTER TABLE
    REVOKE
    REVOKE
    GRANT
    GRANT

    I think you can possibly argue that this is a PostgreSQL weirdness, in that non-superuser database users can dump their databases, but the dumps will contain statements modifying objects they don't own. The discussion here on the pgsql-general mailing list seems to indicate the extension should have been created by the gitlab user instead.

    Even then, the 'no privileges could be revoked for "public"' warnings will appear, but these appear to benign, as mentioned here on the pgsql-admin mailing list.

    I'm not sure whether it is easily possible to let the database backup/restore run as the PostgreSQL superuser (gitlab-psql) instead of the gitlab user, that would probably be the best solution.

    Alternatively, the following statements which always fail could be filtered out of the dump:

    COMMENT ON EXTENSION plpgsql IS 'PL/pgSQL procedural language';
    REVOKE ALL ON SCHEMA public FROM PUBLIC;
    REVOKE ALL ON SCHEMA public FROM "gitlab-psql";
    GRANT ALL ON SCHEMA public TO "gitlab-psql";
    GRANT ALL ON SCHEMA public TO PUBLIC;

    I assume these comments and grant/revokes are unnecessary after the initial PostgreSQL setup which is done by Chef during gitlab-ctl reconfigure.

    By Administrator on 2014-11-15T16:22:08 (imported from GitLab project)

  • Administrator
    Administrator @root · 10 years ago
    Owner

    Created by: phillxnet

    I have just had a near identical situation when restoring a backup made on one machine to another. The target machine had a fresh install of gitlab_7.5.1-omnibus.5.2.0.ci-1_amd64.deb (ie only one prior run of sudo gitlab-ctl reconfigure) on a fresh Ubuntu 14.04.1 server install:-

    Restoring database ... Restoring PostgreSQL database gitlabhq_production ... SET SET SET SET SET CREATE EXTENSION psql:/var/opt/gitlab/backups/db/database.sql:22: ERROR: must be owner of extension plpgsql SET SET SET CREATE TABLE

    and much further down:-

    CREATE INDEX CREATE INDEX psql:/var/opt/gitlab/backups/db/database.sql:2610: WARNING: no privileges could be revoked for "public" REVOKE psql:/var/opt/gitlab/backups/db/database.sql:2611: WARNING: no privileges could be revoked for "public" REVOKE psql:/var/opt/gitlab/backups/db/database.sql:2612: WARNING: no privileges were granted for "public" GRANT psql:/var/opt/gitlab/backups/db/database.sql:2613: WARNING: no privileges were granted for "public" GRANT [DONE] done Restoring repositories ... These all looked good [DONE]

    Can we assume this is a viable restore as the error is at least unsettling. I am less familiar with sql db than the OP but happy to help via specific instructions / more info if need be. Thanks to all who are involved in gitlab.

    By Administrator on 2014-11-28T20:43:33 (imported from GitLab project)

  • You're only seeing other activity in the feed. To add a comment, switch to one of the following options.
Please register or sign in to reply
0 Assignees
Assign to
Milestone
No milestone
None
None
Time tracking
Due date
None
None
0
Labels
None
Assign labels
  • No matching results
  • Manage project labels
Confidentiality
Not confidential

You are going to turn on confidentiality. Only team members with at least Reporter access will be able to see and leave comments on the issue.

Lock issue
Unlocked
participants
Reference:

Menu

Projects Groups Snippets
Help