Chef 11 to 12 data load failure: users fk constraint violation

Hi. I’m trying to load transformed chef 11 data into an Org on my new chef 12 server, and it’s failing. Can someone help?

This is seemingly like thread Failed uploading transformed data to the Chef 12 server, but I feel that thread never produced an answer, or a fix.

The data load for the first Org created is fine. But when I try to load that data to the second Org, it fails. Note that there are some users that I intend to load into both of this Orgs.

Can a user exist in more than one Org, using the same public RSA key?

Here are all the details. Thanks in advance!
kallen

on chef 11 server:

install the chef 12 rpm to get access to the tools, and:

/opt/opscode/bin/chef-server-ctl chef12-upgrade-download --chef11-data-dir /tmp/chef11_data --download-only

I don’t transfer that data dump to my freshly installed chef 12 server, but instead, I only transfer that key_dump.json to the chef 12 server. On this chef 12 server, I intend to have 2 Orgs. To start, I do this:

chef-server-ctl reconfigure chef-server-ctl user-create $CHEF_FIRST_USER Formal Name ops@example.com REDACTED --filename /etc/opscode/$CHEF_FIRST_USER.pem chef-server-ctl org-create $CHEF_FIRST_ORG "Org $CHEF_FIRST_ORG" --association_user $CHEF_FIRST_USER --filename /etc/chef/$CHEF_FIRST_ORG-validator.pem

Then I grab our latest backup of a chef 11 server to the chef 12 server. Our backup technique uses “knife download / -c /path/to/knife.rb”, and the backup contains:

drwxr-xr-x 2 root root 36864 Nov 5 03:20 clients drwxr-xr-x 566 root root 32768 Nov 5 03:30 cookbooks drwxr-xr-x 21 root root 4096 Nov 5 03:20 data_bags drwxr-xr-x 2 root root 4096 Nov 5 03:20 environments drwxr-xr-x 2 root root 36864 Nov 5 03:22 nodes drwxr-xr-x 2 root root 4096 Nov 5 03:20 roles drwxr-xr-x 2 root root 4096 Nov 5 03:20 users

Now I prepare that backup and use chef 12 chef-server-ctl on it:

tar jxf chef_server_backup_latest.tar.bz -C /tmp/chef11_data cp key_dump.json /tmp/chef11_data chef-server-ctl chef12-upgrade-data-transform --org-name $CHEF_FIRST_ORG --full-org-name "Org $CHEF_FIRST_ORG" --chef11-data-dir /tmp/chef11_data chef-server-ctl chef12-upgrade-upload --org-name $CHEF_FIRST_ORG --chef12-data-dir /tmp/chef12-server-data2015xx

That succeeded. The problem occurs when I try this on the second Org:

chef-server-ctl org-create $CHEF_SECOND_ORG "Org $CHEF_SECOND_ORG" --association_user $CHEF_FIRST_USER --filename /etc/chef/$CHEF_SECOND_ORG-validator.pem tar jxf chef_server_backup_latest.tar.bz -C /tmp/chef11_data cp key_dump.json /tmp/chef11_data chef-server-ctl chef12-upgrade-data-transform --org-name $CHEF_SECOND_ORG --full-org-name "Org $CHEF_SECOND_ORG" --chef11-data-dir /tmp/chef11_data chef-server-ctl chef12-upgrade-upload --org-name $CHEF_SECOND_ORG --chef12-data-dir /tmp/chef12-server-data2015xx

But it fails with this error:

Chef 12 server started
Writing knife-ec-backup config to /tmp/knife-ec-backup-config.rb
Uploading transformed open source Chef 11 server data to Chef 12 server
Restoring users
Updating user record for admin
Updating user record for user01
Updating user record for user02
Updating user record for user03
ERROR: Sequel::ForeignKeyConstraintViolation: PG::ForeignKeyViolation: ERROR: update or delete on table “users” violates foreign key constraint “org_user_associations_user_id_fkey” on table "org_user_associations"
DETAIL: Key (id)=(0000000000006db574cd1355979fea27) is still referenced from table “org_user_associations”.
Failed uploading transformed data to the Chef 12 server

I’ll throw in some log in case it’s helpful:

2015-11-05_19:36:11.78158 CONTEXT: PL/pgSQL function actor_has_permission_on(character,character,auth_type,auth_any_permission) line 12 during statement block local variable initialization
2015-11-05_19:36:11.78158 STATEMENT: SELECT actor_has_permission_on AS permission
2015-11-05_19:36:11.78159 FROM actor_has_permission_on($1, $2, $3, $4)
2015-11-05_19:36:12.56189 ERROR: duplicate key value violates unique constraint "users_username_key"
2015-11-05_19:36:12.56191 DETAIL: Key (username)=(user02) already exists.
2015-11-05_19:36:12.56192 STATEMENT: INSERT INTO users (id, authz_id, username, email, public_key, pubkey_version,
2015-11-05_19:36:12.56192 hashed_password, salt, hash_type, last_updated_by, created_at,
2015-11-05_19:36:12.56193 updated_at, external_authentication_uid,
2015-11-05_19:36:12.56193 recovery_authentication_enabled, serialized_object, admin) VALUES
2015-11-05_19:36:12.56193 ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, false)
2015-11-05_19:36:12.56568 ERROR: null value cannot be assigned to variable “target_id” declared NOT NULL
2015-11-05_19:36:12.56569 CONTEXT: PL/pgSQL function actor_has_permission_on(character,character,auth_type,auth_any_permission) line 12 during statement block local variable initialization
2015-11-05_19:36:12.56570 STATEMENT: SELECT actor_has_permission_on AS permission
2015-11-05_19:36:12.56570 FROM actor_has_permission_on($1, $2, $3, $4)
2015-11-05_19:36:13.34624 ERROR: duplicate key value violates unique constraint "users_username_key"
2015-11-05_19:36:13.34626 DETAIL: Key (username)=(user03) already exists.
2015-11-05_19:36:13.34627 STATEMENT: INSERT INTO users (id, authz_id, username, email, public_key, pubkey_version,
2015-11-05_19:36:13.34627 hashed_password, salt, hash_type, last_updated_by, created_at,
2015-11-05_19:36:13.34628 updated_at, external_authentication_uid,
2015-11-05_19:36:13.34628 recovery_authentication_enabled, serialized_object, admin) VALUES
2015-11-05_19:36:13.34629 ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, false)
2015-11-05_19:36:13.34971 ERROR: null value cannot be assigned to variable “target_id” declared NOT NULL
2015-11-05_19:36:13.34972 CONTEXT: PL/pgSQL function actor_has_permission_on(character,character,auth_type,auth_any_permission) line 12 during statement block local variable initialization
2015-11-05_19:36:13.34973 STATEMENT: SELECT actor_has_permission_on AS permission
2015-11-05_19:36:13.34973 FROM actor_has_permission_on($1, $2, $3, $4)
2015-11-05_19:36:13.66977 ERROR: update or delete on table “users” violates foreign key constraint “org_user_associations_user_id_fkey” on table "org_user_associations"
2015-11-05_19:36:13.66979 DETAIL: Key (id)=(0000000000006db574cd1355979fea27) is still referenced from table “org_user_associations”.
2015-11-05_19:36:13.66980 STATEMENT: UPDATE “users” SET “username” = ‘user02’, “id” = ‘000000000000106dc759102701f76da5’, “public_key” = '-----BEGIN PUBLIC KEY-----
2015-11-05_19:36:13.66980 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrOzMNR6uzovugcfrzRa
2015-11-05_19:36:13.66981 Sdz+/iBMYh/Z+NIQskNVVSefcgmMqjIScVPSQWZGlnbAQhUt66wMbImuxPTqTH8S
2015-11-05_19:36:13.66982 kx0NdieO2RJ15405PjvarP68FIW14Ax1/oWWTyRCDfn5rwt8cXDSvZCDd556pRqC
2015-11-05_19:36:13.66982 rzY/QtomBK+v/h+qT6LXao15T3oenfDk6OGLAGwpp8hDmqrxDSFQu0HYvmKwoarC
2015-11-05_19:36:13.66983 xrW+PiZriztl175kLHS4TgQ5zZYbEs8uvNZF7mPi6aSqIDFk2FhZXL7dLMFWsuH4
2015-11-05_19:36:13.66983 y2siKMEKnsnCZnDiWt0binojd9B5hSU3GIO1XBwT9898pKbPqX9UgisvLXWvMwno
2015-11-05_19:36:13.66984 8QIDAQAB
2015-11-05_19:36:13.66984 -----END PUBLIC KEY-----
2015-11-05_19:36:13.66984 ', “hashed_password” = ‘$2a$12$dxxxxxxxxxxxxxxxxkD.qO’, “salt” = ‘$2a$12$d2xxxxxxxxxxxxxxxx’, “hash_type” = ‘erlang-bcrypt-0.5.0’ WHERE (“username” = ‘user02’)

On Thu, 05 Nov 2015, Kallen wrote:

Hi. I’m trying to load transformed chef 11 data into an Org on my new chef 12 server, and it’s failing. Can someone help?

Well, I decided to start from the top on a freshly launched host. I stepped thru
the procedure exactly as stated, and this time it worked. So, I’m not sure how I
got into the problematic state.

I will admit that, for the first Org, I used a modified key_dump.json, from
which I stripped out some users who don’t get access to the first Org; for the
second Org, I used the original key_dump.json. Who knows … :slight_smile:

kallen