<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:22:06 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-2633] Jenkins builds broken when okapi-3 until ModuleDescriptors have permissionsRequired, then verify</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-2633</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;When okapi-3.0.0 was recently released, the reference environment builds broke with errors of the following form:&lt;/p&gt;

&lt;div class=&quot;preformatted panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;preformattedContent panelContent&quot;&gt;
&lt;pre&gt;Module &apos;mod-authtoken-2.5.0-SNAPSHOT.67&apos; handler /token: Missing field permissionsRequired
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;That one was soon fixed, but then the breakage moved on to the next module.&lt;/p&gt;

&lt;p&gt;Until modules have at least the default empty permissionsRequired array in their ModuleDescriptor, then Okapi has been pinned in folio-ansible to okapi-2.40.0 (&lt;a href=&quot;https://github.com/folio-org/folio-ansible/pull/352&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;pull/352&lt;/a&gt;).&lt;/p&gt;

&lt;p&gt;Note: updating the ref envs to Okapi 3.0 is in scope of this ticket.&lt;/p&gt;

&lt;p&gt;Update: 20200619: Those modules with missing permissionsRequired are fixed.&lt;br/&gt;
Now unpin okapi to current v3 reveals other troubles with refenv builds. Perhaps ansible playbook related.&lt;/p&gt;</description>
                <environment></environment>
        <key id="81697">FOLIO-2633</key>
            <summary>Jenkins builds broken when okapi-3 until ModuleDescriptors have permissionsRequired, then verify</summary>
                <type id="10003" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium">Task</type>
                                            <priority id="10001" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p2.svg">P2</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="61cd0ca0bce5e00069e98be7">David Crossley</assignee>
                                                                <reporter accountid="61cd0ca0bce5e00069e98be7">David Crossley</reporter>
                                    <labels>
                    </labels>
                <created>Wed, 3 Jun 2020 14:00:20 +0000</created>
                <updated>Thu, 2 Jul 2020 05:00:41 +0000</updated>
                            <resolved>Wed, 1 Jul 2020 13:07:28 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>7</watches>
                                                                <comments>
                                                            <comment id="198940" author="61cd0ca0bce5e00069e98be7" created="Thu, 4 Jun 2020 11:29:32 +0000"  >&lt;p&gt;There is a branch of folio-ansible to return to okapi-3&lt;/p&gt;

&lt;p&gt;The Jenkins job &quot;&lt;a href=&quot;https://jenkins-aws.indexdata.com/job/Automation/job/folio-testing-test&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;folio-testing-test&lt;/a&gt;&quot; can be used to verify when ready to unpin Okapi to be the current version.&lt;/p&gt;

&lt;p&gt;Do Configure that job to set &quot;Branches to build&quot; to be &quot;refs/heads/folio-2633-monitor-permsrequired&quot;.&lt;/p&gt;

&lt;p&gt;Run the build and search the output for &quot;Missing field permissionsRequired&quot;.&lt;br/&gt;
For example &lt;a href=&quot;https://jenkins-aws.indexdata.com/job/Automation/job/folio-testing-test/73/&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;folio-testing-test/73&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Return configuration to &quot;*/master&quot;&lt;/p&gt;</comment>
                                                            <comment id="198941" author="61cd0ca0bce5e00069e98be7" created="Fri, 5 Jun 2020 01:10:33 +0000"  >&lt;p&gt;As explained above, that Jenkins job shows modules that are completely missing permissionsRequired for some handlers.&lt;/p&gt;

&lt;p&gt;There are four such listed:&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://github.com/folio-org/mod-login-saml/blob/master/descriptors/ModuleDescriptor-template.json&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;mod-login-saml&lt;/a&gt; has 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;MODLOGSAML-60&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/MODLOGSAML-60&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Securing APIs by default&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10309?size=medium&quot; /&gt;
            MODLOGSAML-60
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 (and has an open pull-request)&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://github.com/folio-org/mod-codex-inventory/blob/master/descriptors/ModuleDescriptor-template.json&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;mod-codex-inventory&lt;/a&gt; has 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;MODCXINV-45&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/MODCXINV-45&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Securing APIs by default&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium&quot; /&gt;
            MODCXINV-45
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 (and no pull-request yet)&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://github.com/folio-org/mod-graphql/blob/master/ModuleDescriptor.json&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;mod-graphql&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://github.com/folio-org/mod-marccat/blob/master/descriptors/ModuleDescriptor-template.json&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;mod-marccat&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The latter two have no ticket linked via 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-2567&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-2567&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Create following up module tickets after securing API by default&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium&quot; /&gt;
            FOLIO-2567
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
.&lt;br/&gt;
&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3A4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; class=&quot;user-hover&quot; rel=&quot;557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; data-account-id=&quot;557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; accountid=&quot;557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; rel=&quot;noreferrer&quot;&gt;Hongwei Ji&lt;/a&gt; or &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5f8314dfbdef80006f6f572d&quot; class=&quot;user-hover&quot; rel=&quot;5f8314dfbdef80006f6f572d&quot; data-account-id=&quot;5f8314dfbdef80006f6f572d&quot; accountid=&quot;5f8314dfbdef80006f6f572d&quot; rel=&quot;noreferrer&quot;&gt;Adam Dickmeiss&lt;/a&gt; I do not have sufficient knowledge to advise, so would you please add a ticket for those (&lt;a href=&quot;https://folio-org.atlassian.net/browse/MODGQL&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;MODGQL&lt;/a&gt; and &lt;a href=&quot;https://folio-org.atlassian.net/browse/MODCAT&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;MODCAT&lt;/a&gt;)&lt;/p&gt;</comment>
                                                            <comment id="198945" author="557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c" created="Fri, 5 Jun 2020 01:20:43 +0000"  >&lt;p&gt;We only scanned q1 modules. Those two were not part of q1. Do we know who maintains those two modules?&lt;/p&gt;</comment>
                                                            <comment id="198947" author="557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c" created="Fri, 5 Jun 2020 09:59:54 +0000"  >&lt;p&gt;Added 
    &lt;span class=&quot;jira-issue-macro&quot; data-jira-key=&quot;MODGQL-124&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/MODGQL-124&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Securing APIs by default&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium&quot; /&gt;
            MODGQL-124
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-complete jira-macro-single-issue-export-pdf&quot;&gt;Open&lt;/span&gt;
            &lt;/span&gt;
 and 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;MODCAT-200&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/MODCAT-200&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Securing APIs by default&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium&quot; /&gt;
            MODCAT-200
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
&lt;/p&gt;</comment>
                                                            <comment id="198949" author="61cd0ca0bce5e00069e98be7" created="Thu, 11 Jun 2020 07:33:51 +0000"  >&lt;p&gt;The 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;MODLOGSAML-60&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/MODLOGSAML-60&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Securing APIs by default&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10309?size=medium&quot; /&gt;
            MODLOGSAML-60
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 and 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;MODCXINV-45&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/MODCXINV-45&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Securing APIs by default&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium&quot; /&gt;
            MODCXINV-45
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 were done recently.&lt;/p&gt;

&lt;p&gt;Today i added temporary empty permissionsRequired for 
    &lt;span class=&quot;jira-issue-macro&quot; data-jira-key=&quot;MODGQL-124&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/MODGQL-124&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Securing APIs by default&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium&quot; /&gt;
            MODGQL-124
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-complete jira-macro-single-issue-export-pdf&quot;&gt;Open&lt;/span&gt;
            &lt;/span&gt;
 and 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;MODCAT-200&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/MODCAT-200&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Securing APIs by default&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium&quot; /&gt;
            MODCAT-200
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 to enable this 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-2633&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-2633&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Jenkins builds broken when okapi-3 until ModuleDescriptors have permissionsRequired, then verify&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium&quot; /&gt;
            FOLIO-2633
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 to proceed.&lt;/p&gt;

&lt;p&gt;Did another test run. See &lt;a href=&quot;https://jenkins-aws.indexdata.com/job/Automation/job/folio-snapshot-test/161/consoleFull&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;folio-snapshot-test 161&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;That run failed. Perhaps a different problem. I attached the okapi log. Would someone please investigate.&lt;/p&gt;</comment>
                                                            <comment id="198953" author="63e2a2771b13d42998e4e706" created="Tue, 16 Jun 2020 11:11:26 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Ab8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; class=&quot;user-hover&quot; rel=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; data-account-id=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; accountid=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; rel=&quot;noreferrer&quot;&gt;Jakub Skoczen&lt;/a&gt; &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5f8314dfbdef80006f6f572d&quot; class=&quot;user-hover&quot; rel=&quot;5f8314dfbdef80006f6f572d&quot; data-account-id=&quot;5f8314dfbdef80006f6f572d&quot; accountid=&quot;5f8314dfbdef80006f6f572d&quot; rel=&quot;noreferrer&quot;&gt;Adam Dickmeiss&lt;/a&gt; Given that this issue is still outstanding and the hosted environments are not running Okapi 3.x, does that mean that the official version of Okapi for 2020 Q2 will be Okapi 2.x?&lt;/p&gt;</comment>
                                                            <comment id="198955" author="557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c" created="Tue, 16 Jun 2020 14:30:47 +0000"  >&lt;p&gt;I looked into the attached Okapi log and have an idea why it broke, so I opened 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;OKAPI-859&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/OKAPI-859&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Fail to enable module if tenant API has module permissions&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium&quot; /&gt;
            OKAPI-859
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
.&lt;/p&gt;</comment>
                                                            <comment id="198958" author="61cd0ca0bce5e00069e98be7" created="Thu, 18 Jun 2020 12:58:11 +0000"  >&lt;p&gt;Folowing today&apos;s Okapi v3.1.1 release, i did a new run of Jenkins build &lt;a href=&quot;https://jenkins-aws.indexdata.com/job/Automation/job/folio-snapshot-test/164&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;folio-snapshot-test/164&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;However it fails with this:&lt;/p&gt;
&lt;div class=&quot;preformatted panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;preformattedContent panelContent&quot;&gt;
&lt;pre&gt;...
TASK [folio-ansible/roles/tenant-admin-permissions :
Get all permissionSets not included in other permissionSets excluding okapi] ***
ok: [10.36.1.116]

TASK [folio-ansible/roles/tenant-admin-permissions :
Fail if all permissions not retrieved] ***
fatal: [10.36.1.116]: FAILED! =&amp;gt; {&quot;changed&quot;: false, &quot;msg&quot;:
&quot;Retrieved permissions don&apos;t match total permissions count&quot;}
...
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;Attached the okapi logs. &amp;#8211; later deleted because not needed.&lt;/p&gt;</comment>
                                                            <comment id="198961" author="557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c" created="Thu, 18 Jun 2020 13:28:42 +0000"  >&lt;p&gt;In Okapi3, we added a feature to automatically generate permission set for module permissions. Seems the ansible script in this line &lt;a href=&quot;https://github.com/folio-org/folio-ansible/blob/85ad9988f3c4fd91cfec35ea515140e0a942f5d5/roles/tenant-admin-permissions/tasks/main.yml#L19&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/folio-ansible/blob/85ad9988f3c4fd91cfec35ea515140e0a942f5d5/roles/tenant-admin-permissions/tasks/main.yml#L19&lt;/a&gt; should be updated to exclude those permissions. The naming convention for those permissions is prefixing with &quot;&lt;b&gt;SYS#&lt;/b&gt;&quot; by the way. &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5c706fbb47a54a6728e59df2&quot; class=&quot;user-hover&quot; rel=&quot;5c706fbb47a54a6728e59df2&quot; data-account-id=&quot;5c706fbb47a54a6728e59df2&quot; accountid=&quot;5c706fbb47a54a6728e59df2&quot; rel=&quot;noreferrer&quot;&gt;Wayne Schneider&lt;/a&gt; and &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5cd423bebc70090d6ce241b1&quot; class=&quot;user-hover&quot; rel=&quot;5cd423bebc70090d6ce241b1&quot; data-account-id=&quot;5cd423bebc70090d6ce241b1&quot; accountid=&quot;5cd423bebc70090d6ce241b1&quot; rel=&quot;noreferrer&quot;&gt;Ian Hardy&lt;/a&gt;, can you take a look? Thanks.&lt;/p&gt;</comment>
                                                            <comment id="198964" author="63e2a2771b13d42998e4e706" created="Thu, 18 Jun 2020 13:32:23 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3A4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; class=&quot;user-hover&quot; rel=&quot;557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; data-account-id=&quot;557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; accountid=&quot;557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; rel=&quot;noreferrer&quot;&gt;Hongwei Ji&lt;/a&gt;&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;we added a feature to automatically generate permission set for module permissions&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Does that mean that the manual permission sets maintained by modules like mod-circulation should be changed back to direct module permissions in the future?&lt;/p&gt;</comment>
                                                            <comment id="198967" author="557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c" created="Thu, 18 Jun 2020 13:39:50 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=63e2a2771b13d42998e4e706&quot; class=&quot;user-hover&quot; rel=&quot;63e2a2771b13d42998e4e706&quot; data-account-id=&quot;63e2a2771b13d42998e4e706&quot; accountid=&quot;63e2a2771b13d42998e4e706&quot; rel=&quot;noreferrer&quot;&gt;Marc Johnson&lt;/a&gt;, those manual ones can be changed back to use direct ones but do not have to. Both ways should work because perm sets are expanded recursively.&lt;/p&gt;</comment>
                                                            <comment id="198969" author="557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c" created="Thu, 18 Jun 2020 14:29:27 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=61cd0ca0bce5e00069e98be7&quot; class=&quot;user-hover&quot; rel=&quot;61cd0ca0bce5e00069e98be7&quot; data-account-id=&quot;61cd0ca0bce5e00069e98be7&quot; accountid=&quot;61cd0ca0bce5e00069e98be7&quot; rel=&quot;noreferrer&quot;&gt;David Crossley&lt;/a&gt;, &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5c706fbb47a54a6728e59df2&quot; class=&quot;user-hover&quot; rel=&quot;5c706fbb47a54a6728e59df2&quot; data-account-id=&quot;5c706fbb47a54a6728e59df2&quot; accountid=&quot;5c706fbb47a54a6728e59df2&quot; rel=&quot;noreferrer&quot;&gt;Wayne Schneider&lt;/a&gt; and &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5cd423bebc70090d6ce241b1&quot; class=&quot;user-hover&quot; rel=&quot;5cd423bebc70090d6ce241b1&quot; data-account-id=&quot;5cd423bebc70090d6ce241b1&quot; accountid=&quot;5cd423bebc70090d6ce241b1&quot; rel=&quot;noreferrer&quot;&gt;Ian Hardy&lt;/a&gt; I created a PR to address the perm count error: &lt;a href=&quot;https://github.com/folio-org/folio-ansible/pull/360&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/folio-ansible/pull/360&lt;/a&gt; but I cannot request reviewers due to permission setup for that repo.&lt;/p&gt;</comment>
                                                            <comment id="198971" author="61cd0ca0bce5e00069e98be7" created="Fri, 19 Jun 2020 07:44:13 +0000"  >&lt;p&gt;Thanks Hongwei. I merged that and followed with test Jenkins builds:&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://jenkins-aws.indexdata.com/job/Automation/job/folio-snapshot-test/170/consoleFull&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;folio-snapshot-test/170&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://jenkins-aws.indexdata.com/job/Automation/job/folio-testing-test/76/consoleFull&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;folio-testing-test/76&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;They failed at different ansible tasks.&lt;/p&gt;

&lt;p&gt;However i am out of time today to investigate further.&lt;/p&gt;</comment>
                                                            <comment id="198973" author="63e2a2771b13d42998e4e706" created="Fri, 19 Jun 2020 11:19:51 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3A4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; class=&quot;user-hover&quot; rel=&quot;557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; data-account-id=&quot;557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; accountid=&quot;557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; rel=&quot;noreferrer&quot;&gt;Hongwei Ji&lt;/a&gt;&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;those manual ones can be changed back to use direct ones but do not have to. Both ways should work because perm sets are expanded recursively. &lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Thanks&lt;/p&gt;</comment>
                                                            <comment id="198976" author="61cd0ca0bce5e00069e98be7" created="Mon, 22 Jun 2020 06:20:33 +0000"  >&lt;p&gt;As explained in this ticket Description, the default permissionsRequired was added to those other modules so that we could proceed with this, and attempt to unpin Okapi version.&lt;/p&gt;

&lt;p&gt;There are now still permissions issues with the build. Hongwei and i have tried various changes over the weeekend and today, in this &lt;a href=&quot;https://github.com/folio-org/folio-ansible/tree/folio-2633-monitor-perms-required&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;folio-ansible branch&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Built the folio-snapshot-test again today. See &lt;a href=&quot;https://jenkins-aws.indexdata.com/job/Automation/job/folio-snapshot-test/177/consoleFull&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;folio-snapshot-test/177&lt;/a&gt;&lt;br/&gt;
but it fails.&lt;/p&gt;

&lt;p&gt;It is using the current okapi-3.1.1 release.&lt;/p&gt;

&lt;p&gt;See the attached portion of log at okapi-snapshot-test-177-20200622.log (i have more if needed).&lt;/p&gt;

&lt;p&gt;There are many errors of the following form (but not sure if that is the actual problem):&lt;/p&gt;

&lt;div class=&quot;preformatted panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;preformattedContent panelContent&quot;&gt;
&lt;pre&gt;2020-06-22T04:58:44,741 INFO  DockerModuleHandle   mod-permissions-5.12.0-SNAPSHOT.80 22 Jun 2020 04:58:44:739
ERROR PermsAPI [499977eqId] Error attempting to update permissions metadata:
org.folio.cql2pgjson.exception.QueryValidationException:
org.z3950.zing.cql.CQLParseException: expected boolean, got &apos;/&apos;
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;Our most recent change to folio-ansible was to extend the &quot;length&quot; of the permission query to &quot;Get all permissionSets&quot; from 500 to 2000. That was for the linked Jenkins run 177. Extended that again to 3000 and ran again for Jenkins build 178, but still failed.&lt;/p&gt;</comment>
                                                            <comment id="198981" author="5f8314dfbdef80006f6f572d" created="Mon, 22 Jun 2020 13:16:37 +0000"  >&lt;p&gt;This latest issue is going to be fixed with 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;MODPERMS-85&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/MODPERMS-85&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Invalid CQL when encoding permission name value&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium&quot; /&gt;
            MODPERMS-85
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
&lt;/p&gt;</comment>
                                                            <comment id="198983" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Mon, 22 Jun 2020 13:19:16 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5f8314dfbdef80006f6f572d&quot; class=&quot;user-hover&quot; rel=&quot;5f8314dfbdef80006f6f572d&quot; data-account-id=&quot;5f8314dfbdef80006f6f572d&quot; accountid=&quot;5f8314dfbdef80006f6f572d&quot; rel=&quot;noreferrer&quot;&gt;Adam Dickmeiss&lt;/a&gt; can you let &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5c706fbb47a54a6728e59df2&quot; class=&quot;user-hover&quot; rel=&quot;5c706fbb47a54a6728e59df2&quot; data-account-id=&quot;5c706fbb47a54a6728e59df2&quot; accountid=&quot;5c706fbb47a54a6728e59df2&quot; rel=&quot;noreferrer&quot;&gt;Wayne Schneider&lt;/a&gt; know when the new mod-permissions release is ready? He will try to give it a go.&lt;/p&gt;</comment>
                                                            <comment id="198985" author="61cd0ca0bce5e00069e98be7" created="Mon, 22 Jun 2020 13:39:24 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5f8314dfbdef80006f6f572d&quot; class=&quot;user-hover&quot; rel=&quot;5f8314dfbdef80006f6f572d&quot; data-account-id=&quot;5f8314dfbdef80006f6f572d&quot; accountid=&quot;5f8314dfbdef80006f6f572d&quot; rel=&quot;noreferrer&quot;&gt;Adam Dickmeiss&lt;/a&gt; we just need the fix in master to enable the test run again.&lt;/p&gt;</comment>
                                                            <comment id="198987" author="61cd0ca0bce5e00069e98be7" created="Mon, 22 Jun 2020 13:40:40 +0000"  >&lt;p&gt;The Jenkins builds folio-snapshot-test and folio-testing-test are currently configured to use &quot;refs/heads/folio-2633-monitor-permsrequired-3&quot; of folio-infrastructure.&lt;/p&gt;

&lt;p&gt;So just press the button.&lt;/p&gt;</comment>
                                                            <comment id="198989" author="5f8314dfbdef80006f6f572d" created="Tue, 23 Jun 2020 15:37:48 +0000"  >&lt;p&gt;started run &lt;a href=&quot;https://jenkins-aws.indexdata.com/job/Automation/job/folio-snapshot-test/&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://jenkins-aws.indexdata.com/job/Automation/job/folio-snapshot-test/&lt;/a&gt; , now that 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;MODPERMS-85&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/MODPERMS-85&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Invalid CQL when encoding permission name value&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium&quot; /&gt;
            MODPERMS-85
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 is done&lt;/p&gt;</comment>
                                                            <comment id="198992" author="61cd0ca0bce5e00069e98be7" created="Wed, 24 Jun 2020 06:35:45 +0000"  >&lt;p&gt;Following the fix of 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;MODPERMS-85&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/MODPERMS-85&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Invalid CQL when encoding permission name value&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium&quot; /&gt;
            MODPERMS-85
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 yesterday, the run of &lt;a href=&quot;https://jenkins-aws.indexdata.com/job/Automation/job/folio-testing-test/83/consoleFull&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;folio-testing-test 83&lt;/a&gt; is successful with okapi-3.1.1&lt;/p&gt;

&lt;p&gt;Today&apos;s folio-snapshot is broken by something unrelated, so cannot test there.&lt;/p&gt;

&lt;p&gt;Not yet organised the final PR for folio-ansible to unpin okapi.&lt;/p&gt;</comment>
                                                            <comment id="198995" author="61cd0ca0bce5e00069e98be7" created="Thu, 25 Jun 2020 05:01:26 +0000"  >&lt;p&gt;Hmm, so for the last two days i have been trying to get a clean run of folio-snapshot-test with okapi v3, before trying to set okapi to v3 for all reference environment builds.&lt;/p&gt;

&lt;p&gt;No.&lt;/p&gt;

&lt;p&gt;It still feels like a folio-ansible/Jenkins problem.&lt;/p&gt;

&lt;p&gt;See today &lt;a href=&quot;https://jenkins-aws.indexdata.com/job/Automation/job/folio-snapshot-test/184/consoleFull&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;folio-snapshot-test/184&lt;/a&gt; which fails twice &lt;img class=&quot;emoticon&quot; src=&quot;/images/icons/emoticons/help_16.png&quot; height=&quot;16&quot; width=&quot;16&quot; align=&quot;absmiddle&quot; alt=&quot;&quot; border=&quot;0&quot;/&gt; in the one run.&lt;/p&gt;

&lt;p&gt;and yesterday &lt;a href=&quot;https://jenkins-aws.indexdata.com/job/Automation/job/folio-snapshot-test/183/consoleFull&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;folio-snapshot-test/183&lt;/a&gt; which fails in a slightly different way.&lt;/p&gt;

&lt;p&gt;For good measure i ran folio-testing-test again today (#84) with okapi v3, and again it is happy.&lt;/p&gt;

&lt;p&gt;So calling on &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5c706fbb47a54a6728e59df2&quot; class=&quot;user-hover&quot; rel=&quot;5c706fbb47a54a6728e59df2&quot; data-account-id=&quot;5c706fbb47a54a6728e59df2&quot; accountid=&quot;5c706fbb47a54a6728e59df2&quot; rel=&quot;noreferrer&quot;&gt;Wayne Schneider&lt;/a&gt; or &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5cd423bebc70090d6ce241b1&quot; class=&quot;user-hover&quot; rel=&quot;5cd423bebc70090d6ce241b1&quot; data-account-id=&quot;5cd423bebc70090d6ce241b1&quot; accountid=&quot;5cd423bebc70090d6ce241b1&quot; rel=&quot;noreferrer&quot;&gt;Ian Hardy&lt;/a&gt; for assistance.&lt;/p&gt;</comment>
                                                            <comment id="198998" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Thu, 25 Jun 2020 11:47:22 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=61cd0ca0bce5e00069e98be7&quot; class=&quot;user-hover&quot; rel=&quot;61cd0ca0bce5e00069e98be7&quot; data-account-id=&quot;61cd0ca0bce5e00069e98be7&quot; accountid=&quot;61cd0ca0bce5e00069e98be7&quot; rel=&quot;noreferrer&quot;&gt;David Crossley&lt;/a&gt; &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5c706fbb47a54a6728e59df2&quot; class=&quot;user-hover&quot; rel=&quot;5c706fbb47a54a6728e59df2&quot; data-account-id=&quot;5c706fbb47a54a6728e59df2&quot; accountid=&quot;5c706fbb47a54a6728e59df2&quot; rel=&quot;noreferrer&quot;&gt;Wayne Schneider&lt;/a&gt; Guys, can we try to investigate what is going on?&lt;/p&gt;</comment>
                                                            <comment id="199001" author="5c706fbb47a54a6728e59df2" created="Thu, 25 Jun 2020 13:03:20 +0000"  >&lt;p&gt;It appears that the CQL query &lt;tt&gt;(childOf==[] not permissionName=okapi.*)&lt;/tt&gt; to /perms/permissions is either returning unreliable results or an unreliable &lt;tt&gt;totalRecords&lt;/tt&gt; key. I haven&apos;t been able to reproduce the issue outside of the CI environment, which makes it hard to track down.&lt;/p&gt;

&lt;p&gt;We have added some addition debugging information in the Ansible error message, and we updated the query to exclude the &lt;tt&gt;SYS#*&lt;/tt&gt; permissions. Making a test run now...&lt;/p&gt;</comment>
                                                            <comment id="199004" author="5cd423bebc70090d6ce241b1" created="Thu, 25 Jun 2020 13:48:51 +0000"  >&lt;p&gt;I&apos;m getting the right number in totalRecords with the CQL query, but without the behaviour is weird. There are 1659 permissions on snapshot right now, but totalRecords is reported as 1000 as long as the length is specified under 1000 (or the default length param). When you set length between 1001 and 1659, you get whatever you set for length back as totalRecords, and when you exceed 1659 you get that (the real total) for totalRecords:&lt;/p&gt;

&lt;div class=&quot;preformatted panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;preformattedContent panelContent&quot;&gt;
&lt;pre&gt;$ http &quot;https://folio-snapshot-okapi.aws.indexdata.com/perms/permissions&quot; &quot;x-okapi-token:$stoken&quot; &quot;x-okapi-tenant:diku&quot; | jq &apos;.totalRecords&apos;
1000
$ http &quot;https://folio-snapshot-okapi.aws.indexdata.com/perms/permissions?length=2&quot; &quot;x-okapi-token:$stoken&quot; &quot;x-okapi-tenant:diku&quot; | jq &apos;.totalRecords&apos;
1000
$ http &quot;https://folio-snapshot-okapi.aws.indexdata.com/perms/permissions?length=1200&quot; &quot;x-okapi-token:$stoken&quot; &quot;x-okapi-tenant:diku&quot; | jq &apos;.totalRecords&apos;
1200
$ http &quot;https://folio-snapshot-okapi.aws.indexdata.com/perms/permissions?length=2000&quot; &quot;x-okapi-token:$stoken&quot; &quot;x-okapi-tenant:diku&quot; | jq &apos;.totalRecords&apos;
1659
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;</comment>
                                                            <comment id="199006" author="557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c" created="Thu, 25 Jun 2020 13:52:41 +0000"  >&lt;p&gt;We observed the count difference as well. It was discussed in &lt;a href=&quot;https://folio-org.atlassian.net/browse/MODPERMS-86&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://folio-org.atlassian.net/browse/MODPERMS-86&lt;/a&gt;&lt;/p&gt;</comment>
                                                            <comment id="199008" author="5ee89462f7aa140abd82d11d" created="Thu, 25 Jun 2020 16:17:07 +0000"  >&lt;p&gt;totalRecords is an &lt;b&gt;estimation&lt;/b&gt; based on PostgreSQL&apos;s query planner statistics.&lt;br/&gt;
For details see &lt;a href=&quot;https://github.com/folio-org/raml-module-builder#estimated-totalrecords&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/raml-module-builder#estimated-totalrecords&lt;/a&gt;&lt;br/&gt;
Either get chunks, for example with chunk size 500, as described on &lt;a href=&quot;https://github.com/folio-org/raml-module-builder#implement-chunked-bulk-download&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/raml-module-builder#implement-chunked-bulk-download&lt;/a&gt; , until there are no more records.&lt;br/&gt;
Or use a high length to get all in one go, for example length=10000.&lt;/p&gt;</comment>
                                                            <comment id="199011" author="5c706fbb47a54a6728e59df2" created="Thu, 25 Jun 2020 19:49:14 +0000"  >&lt;p&gt;Thanks, &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3A4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; class=&quot;user-hover&quot; rel=&quot;557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; data-account-id=&quot;557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; accountid=&quot;557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; rel=&quot;noreferrer&quot;&gt;Hongwei Ji&lt;/a&gt; and &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5ee89462f7aa140abd82d11d&quot; class=&quot;user-hover&quot; rel=&quot;5ee89462f7aa140abd82d11d&quot; data-account-id=&quot;5ee89462f7aa140abd82d11d&quot; accountid=&quot;5ee89462f7aa140abd82d11d&quot; rel=&quot;noreferrer&quot;&gt;Julian Ladisch&lt;/a&gt;. I think the issue with the apparently mismatched counts may be a red-herring, as we are seeing what appears to be an unrelated failure in the last few builds.&lt;/p&gt;</comment>
                                                            <comment id="199014" author="5c706fbb47a54a6728e59df2" created="Thu, 25 Jun 2020 22:56:31 +0000"  >&lt;p&gt;At this point I&apos;m stumped. The build is failing, not always in the same place, with the error:&lt;/p&gt;

&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
FATAL: command execution failed
hudson.AbortException: Ansible playbook execution failed
	at org.jenkinsci.plugins.ansible.AnsiblePlaybookBuilder.perform(AnsiblePlaybookBuilder.java:262)
	at org.jenkinsci.plugins.ansible.workflow.AnsiblePlaybookStep$AnsiblePlaybookExecution.run(AnsiblePlaybookStep.java:400)
	at org.jenkinsci.plugins.ansible.workflow.AnsiblePlaybookStep$AnsiblePlaybookExecution.run(AnsiblePlaybookStep.java:321)
	at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:47)
	at hudson.security.ACL.impersonate(ACL.java:367)
	at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:44)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.&lt;span class=&quot;code-object&quot;&gt;Thread&lt;/span&gt;.run(&lt;span class=&quot;code-object&quot;&gt;Thread&lt;/span&gt;.java:748)
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;I would be tempted to try to run the build on the master node, to rule out something strange with the slave container. Unfortunately, the master node seems a little strapped for RAM. I suspect that we can&apos;t run from the packet.io slave because it won&apos;t have ssh access to the snapshot system.&lt;/p&gt;</comment>
                                                            <comment id="199018" author="557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c" created="Fri, 26 Jun 2020 00:43:27 +0000"  >&lt;p&gt;Not sure if you have seen &lt;a href=&quot;https://issues.jenkins-ci.org/browse/JENKINS-54557&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://issues.jenkins-ci.org/browse/JENKINS-54557&lt;/a&gt;. If the issue is similar, some comments (dirty fix) in that ticket might be helpful. &lt;/p&gt;</comment>
                                                            <comment id="199020" author="61cd0ca0bce5e00069e98be7" created="Fri, 26 Jun 2020 03:55:38 +0000"  >&lt;p&gt;Thanks Hongwei. I did add one of their suggestions. To sleep during Jenkins cleanup to enable ansible to report its errors. However it seems to not be any more informative than previous builds, e.g. comparing today&apos;s #191 with the #184.&lt;/p&gt;</comment>
                                                            <comment id="199022" author="61cd0ca0bce5e00069e98be7" created="Fri, 26 Jun 2020 03:56:56 +0000"  >&lt;p&gt;I do notice some other weirdness. For this branch of folio-ansible, Wayne improved the name of task &quot;tenant-admin-permissions : Get all permissionSets not included in other permissionSets excluding okapi&quot; and the failure message for the task &quot;tenant-admin-permissions : Fail if all permissions not retrieved&quot; to be more informative about this counts thing.&lt;/p&gt;

&lt;p&gt;However those improved messages are not shown &amp;#8211; still has the old messages. See &lt;a href=&quot;https://jenkins-aws.indexdata.com/job/Automation/job/folio-snapshot-test/191/consoleFull&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;folio-snapshot-test/191&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;This branch of folio-ansible does unpin the version of okapi, which i verified again today by inspecting the okapi.log file. So Jenkins must be using that branch, but it seems to be an old version. (Head hurts.)&lt;/p&gt;

&lt;p&gt;Update: However the folio-testing-test build (which is successful) does show those updated messages, e.g. &lt;a href=&quot;https://jenkins-aws.indexdata.com/job/Automation/job/folio-testing-test/86/console&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;folio-testing-test/86&lt;/a&gt;&lt;/p&gt;</comment>
                                                            <comment id="199026" author="5ee89462f7aa140abd82d11d" created="Fri, 26 Jun 2020 14:52:21 +0000"  >&lt;p&gt;The CQL query &lt;tt&gt;(childOf==[] not permissionName=okapi.* not permissionName=SYS#*)&lt;/tt&gt; should not use the = operator that is word matching ignoring punctuation. It should use the == operator that matches the complete field including punctuation:&lt;/p&gt;

&lt;p&gt;&lt;tt&gt;(childOf==[] not permissionName==okapi.* not permissionName==SYS#*)&lt;/tt&gt;&lt;/p&gt;

&lt;p&gt;&lt;tt&gt;permissionName=SYS#*&lt;/tt&gt; is the same as permissionName=&quot;SYS *&quot; is the same as &lt;tt&gt;permissionName=SYS&lt;/tt&gt; and this matches my-module.foo.sys.bar.read.&lt;/p&gt;

&lt;p&gt;Details about CQL string matching: &lt;a href=&quot;https://dev.folio.org/faqs/explain-cql/&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://dev.folio.org/faqs/explain-cql/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The length parameter should be increased from &lt;tt&gt;length=500&lt;/tt&gt; to &lt;tt&gt;length=5000&lt;/tt&gt;.&lt;/p&gt;</comment>
                                                            <comment id="199028" author="5c706fbb47a54a6728e59df2" created="Fri, 26 Jun 2020 16:20:11 +0000"  >&lt;p&gt;Thanks, &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5ee89462f7aa140abd82d11d&quot; class=&quot;user-hover&quot; rel=&quot;5ee89462f7aa140abd82d11d&quot; data-account-id=&quot;5ee89462f7aa140abd82d11d&quot; accountid=&quot;5ee89462f7aa140abd82d11d&quot; rel=&quot;noreferrer&quot;&gt;Julian Ladisch&lt;/a&gt;, I&apos;ve made those updates to the query. And &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3A4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; class=&quot;user-hover&quot; rel=&quot;557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; data-account-id=&quot;557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; accountid=&quot;557058:4f6bed01-40a6-48d5-8471-7ef21f5ea97c&quot; rel=&quot;noreferrer&quot;&gt;Hongwei Ji&lt;/a&gt;, I think adding that little bit of sleep in case of failure does help ensure that we get the full log, thank you!&lt;/p&gt;

&lt;p&gt;David and I think that we may have a clue as to what is going on &amp;#8211; Jenkins seems to have hold of a different commit of folio-ansible in the Ansible roles_path. There may be some mitigation possible.&lt;/p&gt;</comment>
                                                            <comment id="199031" author="5c706fbb47a54a6728e59df2" created="Fri, 26 Jun 2020 19:46:52 +0000"  >&lt;p&gt;OK, we figured it out, I think.&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;There are &lt;em&gt;two&lt;/em&gt; versions of the tenant-admin-permissions role in folio-infrastructure. One is local to that repository, one comes from the folio-ansible submodule.&lt;/li&gt;
	&lt;li&gt;The local version was not updated with the improved CQL query (increasing the result set length and excluding the &lt;tt&gt;SYS#&lt;/tt&gt; permissions), so it was not getting all the permissions and the Ansible task was failing as designed.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;The reason there are two versions of the role (and several other roles) is because at some point we could not figure out how to set the roles path for Ansible on Jenkins, so we just worked around it. We now know how to do that: create an Ansible configuration file with a &lt;tt&gt;roles_path&lt;/tt&gt; default and use the &lt;tt&gt;ANSIBLE_CONFIG&lt;/tt&gt; environment variable to point to the config file. Then we can remove all the local copies of the roles.&lt;/p&gt;

&lt;p&gt;The environment variable update needs to be made in all the Jenkins jobs that use the Jenkins Ansible plugin.&lt;/p&gt;</comment>
                                                            <comment id="199035" author="61cd0ca0bce5e00069e98be7" created="Mon, 29 Jun 2020 02:39:35 +0000"  >&lt;p&gt;Excellent, Wayne. And thanks to everyone involved.&lt;/p&gt;

&lt;p&gt;We will discuss this at today&apos;s (Monday) DevOps meeting.&lt;/p&gt;</comment>
                                                            <comment id="199038" author="61cd0ca0bce5e00069e98be7" created="Mon, 29 Jun 2020 13:33:32 +0000"  >&lt;p&gt;Blocked this ticket on 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-2660&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-2660&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;duplicate roles in folio-ansible and folio-infrastructure&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium&quot; /&gt;
            FOLIO-2660
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 to address the duplicate roles in folio-ansible and folio-infrastructure.&lt;/p&gt;

&lt;p&gt;Update: That was handled in the context of this 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-2633&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-2633&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Jenkins builds broken when okapi-3 until ModuleDescriptors have permissionsRequired, then verify&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium&quot; /&gt;
            FOLIO-2633
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
.&lt;/p&gt;</comment>
                                                            <comment id="199040" author="61cd0ca0bce5e00069e98be7" created="Tue, 30 Jun 2020 03:56:32 +0000"  >&lt;p&gt;The branches were merged today: &lt;a href=&quot;https://github.com/folio-org/folio-ansible/pull/362&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;folio-ansible/pull/362&lt;/a&gt; and &lt;a href=&quot;https://github.com/folio-org-priv/folio-infrastructure/pull/206&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;folio-infrastructure/pull/206&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The subsequent reference environment builds related to folio-snapshot are successful.&lt;/p&gt;</comment>
                                                            <comment id="199042" author="61cd0ca0bce5e00069e98be7" created="Tue, 30 Jun 2020 03:57:32 +0000"  >&lt;p&gt;However, something is amiss with only folio-testing-backend 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-2665&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-2665&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;folio-testing-backend Jenkins build broken today, permissions for email configuration&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium&quot; /&gt;
            FOLIO-2665
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
.&lt;/p&gt;</comment>
                                                            <comment id="199044" author="61cd0ca0bce5e00069e98be7" created="Thu, 2 Jul 2020 05:00:41 +0000"  >&lt;p&gt;The final piece of the new system permissions puzzle was solved with 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-2665&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-2665&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;folio-testing-backend Jenkins build broken today, permissions for email configuration&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium&quot; /&gt;
            FOLIO-2665
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10000">
                    <name>Blocks</name>
                                                                <inwardlinks description="is blocked by">
                                        <issuelink>
            <issuekey id="35058">MODGQL-124</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="81700">FOLIO-2660</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="72324">MODCAT-200</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="73338">MODLOGSAML-60</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="54290">OKAPI-859</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="41324">ERM-851</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="77789">MODCXINV-45</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="34295">MODPERMS-85</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="35356">MODUSERBL-88</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                            <outwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="46979">CIRC-783</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="81665">FOLIO-2567</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="34298">MODPERMS-86</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="81705">FOLIO-2665</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="54097">OKAPI-767</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                            <attachment id="64293" name="okapi-snapshot-test-161-20200611.log.gz" size="769025" author="61cd0ca0bce5e00069e98be7" created="Thu, 11 Jun 2020 07:34:31 +0000"/>
                            <attachment id="64294" name="okapi-snapshot-test-177-20200622.log.gz" size="629734" author="61cd0ca0bce5e00069e98be7" created="Mon, 22 Jun 2020 06:22:28 +0000"/>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10155"><![CDATA[FOLIO DevOps]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i018l3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="1986">DevOps: sprint 92</customfieldvalue>
    <customfieldvalue id="1878">DevOps: sprint 90</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Fri, 5 Jun 2020 01:20:43 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>