pg-upgrade fails when gitlab-psql can't su
Summary
When upgrading gitlab from 10.x to 11.x or higher, the following error is reported:
STDERR: su: cannot open session: Permission denied
Steps to reproduce
Running
gitlab-ctl pg-upgrade
or
yum upgrade gitlab-ce-11.11.8
AND the system has implemented the /etc/security/access.conf. Unless the gitlab-psql user is explicitly listed in the access.conf file, the upgrade will fail. I haven't run into any other case where that user needs to login therefore adding that user to the access.conf file seems like overkill in our environments that strictly enforce least privilege.
What is the current bug behavior?
An upgrade will report:
STDERR: su: cannot open session: Permission denied
Possible fixes
Rather than using su, perhaps the sg command can be used instead.