Dashboard apps fails with group errors

Hi
We’ve got some users who are getting an error when attempting to log in .

The dashboard app fails if the user is in a group that is not listed. it looks like it is a problem in the application and not Phusion Passenger application.

I get the following errors

I can’t seem to find where the group error is on the system.

  1. Is user/group data cached elsewhere?
  2. Where can I change the dashboard code to ignore group errors?
The Phusion Passenger application server tried to start the web application. But the application itself (and not Passenger) encountered an internal error.
can't find group for 100187 (ArgumentError)
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/ood_support-0.0.3/lib/ood_support/group.rb:20:in `getgrgid'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/ood_support-0.0.3/lib/ood_support/group.rb:20:in `initialize'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/ood_support-0.0.3/lib/ood_support/process.rb:19:in `new'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/ood_support-0.0.3/lib/ood_support/process.rb:19:in `block in groups'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/ood_support-0.0.3/lib/ood_support/process.rb:19:in `map'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/ood_support-0.0.3/lib/ood_support/process.rb:19:in `groups'
  /var/www/ood/apps/sys/dashboard/config/initializers/ood.rb:14:in `<top (required)>'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/activesupport-4.2.11/lib/active_support/dependencies.rb:268:in `load'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/activesupport-4.2.11/lib/active_support/dependencies.rb:268:in `block in load'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/activesupport-4.2.11/lib/active_support/dependencies.rb:240:in `load_dependency'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/activesupport-4.2.11/lib/active_support/dependencies.rb:268:in `load'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/railties-4.2.11/lib/rails/engine.rb:652:in `block in load_config_initializer'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/activesupport-4.2.11/lib/active_support/notifications.rb:166:in `instrument'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/railties-4.2.11/lib/rails/engine.rb:651:in `load_config_initializer'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/railties-4.2.11/lib/rails/engine.rb:616:in `block (2 levels) in <class:Engine>'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/railties-4.2.11/lib/rails/engine.rb:615:in `each'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/railties-4.2.11/lib/rails/engine.rb:615:in `block in <class:Engine>'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/railties-4.2.11/lib/rails/initializable.rb:30:in `instance_exec'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/railties-4.2.11/lib/rails/initializable.rb:30:in `run'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/railties-4.2.11/lib/rails/initializable.rb:55:in `block in run_initializers'
  /opt/rh/rh-ruby24/root/usr/share/ruby/tsort.rb:228:in `block in tsort_each'
  /opt/rh/rh-ruby24/root/usr/share/ruby/tsort.rb:350:in `block (2 levels) in each_strongly_connected_component'
  /opt/rh/rh-ruby24/root/usr/share/ruby/tsort.rb:422:in `block (2 levels) in each_strongly_connected_component_from'
  /opt/rh/rh-ruby24/root/usr/share/ruby/tsort.rb:431:in `each_strongly_connected_component_from'
  /opt/rh/rh-ruby24/root/usr/share/ruby/tsort.rb:421:in `block in each_strongly_connected_component_from'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/railties-4.2.11/lib/rails/initializable.rb:44:in `each'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/railties-4.2.11/lib/rails/initializable.rb:44:in `tsort_each_child'
  /opt/rh/rh-ruby24/root/usr/share/ruby/tsort.rb:415:in `call'
  /opt/rh/rh-ruby24/root/usr/share/ruby/tsort.rb:415:in `each_strongly_connected_component_from'
  /opt/rh/rh-ruby24/root/usr/share/ruby/tsort.rb:349:in `block in each_strongly_connected_component'
  /opt/rh/rh-ruby24/root/usr/share/ruby/tsort.rb:347:in `each'
  /opt/rh/rh-ruby24/root/usr/share/ruby/tsort.rb:347:in `call'
  /opt/rh/rh-ruby24/root/usr/share/ruby/tsort.rb:347:in `each_strongly_connected_component'
  /opt/rh/rh-ruby24/root/usr/share/ruby/tsort.rb:226:in `tsort_each'
  /opt/rh/rh-ruby24/root/usr/share/ruby/tsort.rb:205:in `tsort_each'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/railties-4.2.11/lib/rails/initializable.rb:54:in `run_initializers'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/railties-4.2.11/lib/rails/application.rb:352:in `initialize!'
  /var/www/ood/apps/sys/dashboard/config/environment.rb:5:in `<top (required)>'
  config.ru:3:in `require'
  config.ru:3:in `block in <main>'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/rack-1.6.11/lib/rack/builder.rb:55:in `instance_eval'
  /var/www/ood/apps/sys/dashboard/vendor/bundle/ruby/2.4.0/gems/rack-1.6.11/lib/rack/builder.rb:55:in `initialize'
  config.ru:1:in `new'
  config.ru:1:in `<main>'
  /opt/ood/ondemand/root/usr/share/passenger/helper-scripts/rack-loader.rb:96:in `eval'
  /opt/ood/ondemand/root/usr/share/passenger/helper-scripts/rack-loader.rb:96:in `load_app'
  /opt/ood/ondemand/root/usr/share/passenger/helper-scripts/rack-loader.rb:116:in `block in <module:App>'
  /opt/ood/ondemand/root/usr/share/ruby/vendor_ruby/phusion_passenger/loader_shared_helpers.rb:380:in `run_block_and_record_step_progress'
  /opt/ood/ondemand/root/usr/share/passenger/helper-scripts/rack-loader.rb:115:in `<module:App>'
  /opt/ood/ondemand/root/usr/share/passenger/helper-scripts/rack-loader.rb:28:in `<module:PhusionPassenger>'
  /opt/ood/ondemand/root/usr/share/passenger/helper-scripts/rack-loader.rb:27:in `<main>'

Hey Clyde! Good to hear from you.

We use the Etc module that likely makes sys calls. Which is to say, it likely relies on your LDAP. It’s probably functionally equivalent to the groups command or id, how those commands get populated.

In fact this issue is coming from an initializer in a configured file: /var/www/ood/apps/sys/dashboard/config/initializers/ood.rb. We’re adding file browser dropdowns based off of the group id. If this isn’t nessicary, or you don’t have or want those dropdowns, then you can safely remove that portion. It’s purely addititve so it’s safe to remove.

Though we rely on userids and group ids in all sorts of places, so even if you don’t need that portion, or that feature, you may run into similar errors.

You can provide the whole file here and we can sort out what you’d want to keep and what you can throw away.

Thanks Jeff
We are using groups for access to some portions, I want to not have the app crash if it encounters an error on retrieving groups.

We have v1.35.3

# /etc/ood/config/apps/dashboard/initializers/ood.rb

OodFilesApp.candidate_favorite_paths.tap do |paths|
  # add project space directories
  projects = User.new.groups.map(&:name).grep(/^P./)
  paths.concat projects.map { |p| Pathname.new("/fs/project/#{p}")  }

  # add scratch space directories
  paths << Pathname.new("/work")
  paths << Pathname.new("/scratch")
end

# only show develop dropdown to users in group 'RSI-A-EC-HubDeveloper'
Configuration.app_development_enabled = OodSupport::Process.groups.include?(
  OodSupport::Group.new("RSI-A-EC-HubDeveloper")
)


This should work for you, to catch the exception.

# /etc/ood/config/apps/dashboard/initializers/ood.rb

OodFilesApp.candidate_favorite_paths.tap do |paths|
  # add project space directories
  projects = User.new.groups.map(&:name).grep(/^P./)
  paths.concat projects.map { |p| Pathname.new("/fs/project/#{p}")  }

  # add scratch space directories
  paths << Pathname.new("/work")
  paths << Pathname.new("/scratch")
end

dev_enabled = false
begin
  # only show develop dropdown to users in group 'RSI-A-EC-HubDeveloper'
  # and catch the error if you can't determine the group
  dev_enabled = OodSupport::Process.groups.include?(
    OodSupport::Group.new("RSI-A-EC-HubDeveloper")
  )
rescue => e
  Rails.logger.error "Can't determine developer group memebership because #{e.message}"
end

Configuration.app_development_enabled = dev_enabled

To the actual error though, 100187 looks like a subgid, is that right? Is this in a rootless container? OOD takes id/gids from the process. I guess it got the subgid from the host when it should have gotten what it was mapped to in the container?

We’re using SSSD to pull groups from an active directory server. This is not in a container, but the global GID’s change frequently and we run into errors when the AD servers are not yet synchronized.

I’ll give this a try and report back