Bug #16981

"sync-groups" tool doesn't find groups when running on a LoginCluster federation

Added by Lucas Di Pentima 14 days ago. Updated 1 day ago.

In Progress
Assigned To:
Target version:
Start date:
Due date:
% Done:


Estimated time:
(Total: 0.00 h)
Story points:
Release relationship:


When using arvados-sync-groups on a federated cluster with Login.LoginCluster pointing to other cluster, the tool assumes that the needed groups should be owned by the LoginCluster's system user instead of the local system user.

This affects external groups that were synchronized before setting up the federation, because it will try to create a group named "Externally synchronized groups" and it will collide with the preexisting one.


Task #16986: Review 16981-logincluster-sync-groups-fixNewNico C├ęsar

Associated revisions

Revision 146087a2
Added by Lucas Di Pentima 14 days ago

Merge branch '16981-logincluster-sync-groups-fix'
Refs #16981

Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <>

Revision 729b2762
Added by Lucas Di Pentima 10 days ago

Merge branch '16981-sync-group-report-fix'. Refs #16981

Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <>


#1 Updated by Lucas Di Pentima 14 days ago

Fix at ab9833a2d - branch 16981-logincluster-sync-groups-fix
Test run: https://ci.arvados.org/job/developer-run-tests/2134/

  • Fixed the problem by retrieving the local cluster ID from the exported config instead of assuming it from the user's uuid.

#2 Updated by Lucas Di Pentima 14 days ago

Manual testing was done by setting up a LoginCluster federation with a couple of arvbox instances A (main cluster) and B (satellite cluster)
Previous to setting up the federation, created some users and ran the tool with some groups on the B instance.
Then, set up the federation and ran the migrate users script to migrate B users to A.
As a last step into confirming the bug, ran again the arvados-sync-groups tool with the A's admin user credentials from cluster B. Got the following error:

(venv-arvados) lucas@buster:~/arvados/tools/sync-groups$ ./sync-groups -user-id=username ../../test-groups.csv
2020/10/08 15:11:14 error creating system user owned group named "Externally synchronized groups": request failed: 422 Unprocessable Entity: #<ActiveRecord::RecordNotUnique: PG::UniqueViolation: ERROR:  duplicate key value violates unique constraint "index_groups_on_owner_uuid_and_name" 
DETAIL:  Key (owner_uuid, name)=(x1ejm-tpzed-000000000000000, Externally synchronized groups) already exists.
: INSERT INTO "groups" ("uuid", "owner_uuid", "created_at", "modified_by_user_uuid", "modified_at", "name", "updated_at", "group_class") VALUES ($1, $2, $3, $4, $5, $6, $7, $8) RETURNING "id"> (req-28280i3qiygt1p4asl8e)

After the fix, the tool started to work again. Did some changes on the CSV files and re-applied; the changes were done correctly.

#3 Updated by Lucas Di Pentima 1 day ago

  • Target version changed from 2020-10-21 Sprint to 2020-11-04 Sprint

Also available in: Atom PDF