Bug 1459674

Summary: manageiq.api_token failing in playbook when using a multi-appliance deployment
Product: Red Hat CloudForms Management Engine Reporter: Jerome Marc <jmarc>
Component: Appliance Assignee: Tim Wade <twade>
Status: CLOSED CURRENTRELEASE QA Contact: Kedar Kulkarni <kkulkarn>
Severity: high Docs Contact:
Priority: high    
Version: 5.8.0 CC: abellott, cpelland, jhardy, ldomb, obarenbo, twade
Target Milestone: GA Keywords: TestOnly, ZStream
Target Release: 5.9.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 5.9.0.1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1460348 Environment:
Last Closed: 2018-03-06 15:03:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1460348    

Description Jerome Marc 2017-06-07 18:49:19 UTC
Description of problem:
I am getting the following issue when refreshing a VMware provider from a playbook (implementing the example from https://access.redhat.com/articles/3055801).
I am running out of a large deployment, LB + 2 UI + many workers, with one dedicated to Ansible.
As far as I can see (from the error), the manageiq.api_url returned is incorrect, and as such the api_token fails.

TASK [Refresh provider in CloudForms] ******************************************
fatal: [localhost]: FAILED! => {"cache_control": "no-cache", "changed": false, "connection": "close", "content": "{\"error\":{\"kind\":\"unauthorized\",\"message\":\"Invalid Authentication Token 5c384bc500c960508d33293b4bc795a4 specified\",\"klass\":\"Api::AuthenticationError\"}}", "content_security_policy": "default-src 'self'; connect-src 'self'; frame-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self'; report-uri /dashboard/csp_report", "content_type": "application/json; charset=utf-8", "date": "Wed, 07 Jun 2017 16:28:34 GMT", "failed": true, "json": {"error": {"kind": "unauthorized", "klass": "Api::AuthenticationError", "message": "Invalid Authentication Token 5c384bc500c960508d33293b4bc795a4 specified"}}, "msg": "Status code was not [200]: HTTP Error 401: Unauthorized", "redirected": false, "server": "Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.1e-fips mod_auth_kerb/5.4", "status": 401, "strict_transport_security": "max-age=631152000", "transfer_encoding": "chunked", "url": "https://10.9.62.73/api/providers/10000000000001", "x_content_type_options": "nosniff", "x_download_options": "noopen", "x_frame_options": "SAMEORIGIN", "x_permitted_cross_domain_policies": "none", "x_request_id": "09559f42-5618-47c3-a2ee-33c18f938b6e", "x_runtime": "0.008547", "x_xss_protection": "1; mode=block"}


Version-Release number of selected component (if applicable):
5.8.0.17.20170525183055_6317a22 

How reproducible:
Always

Steps to Reproduce:
1. Follow the steps in https://access.redhat.com/articles/3055801 (this assumes you have a multi-appliance setup)
2. Order the service


Actual results:
Invalid Authentication Token

Expected results:
Authentication should work

Additional info:
First comments from Engineering: the problem could be that authentication is failing because the token is stored in memcached as opposed to Postgres.
It was fixed in this PR: https://github.com/ManageIQ/manageiq/pull/14947
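
The failure mode suggested in the additional info above, as a simplified model added here (not ManageIQ code and not taken from the linked PR): a token issued on one appliance is presented to a different appliance, first with a token cache local to each appliance and then with one store shared by all of them. The class and function names are hypothetical, and treating memcached as per-appliance is an assumption of the model.

```python
# Simplified model (not ManageIQ code): API tokens held in a per-appliance
# cache versus a store shared by every appliance in the deployment.
import secrets


class TokenStore:
    """Maps token -> user id. One instance per appliance models a local
    cache; a single shared instance models a common database table."""

    def __init__(self):
        self._tokens = {}

    def issue(self, userid):
        token = secrets.token_hex(16)
        self._tokens[token] = userid
        return token

    def lookup(self, token):
        return self._tokens.get(token)


class Appliance:
    def __init__(self, name, store):
        self.name = name
        self.store = store

    def login(self, userid):
        return self.store.issue(userid)

    def api_request(self, token):
        """Return (status, body) for a request authenticated by token."""
        if self.store.lookup(token) is None:
            return 401, "Invalid Authentication Token %s specified" % token
        return 200, "ok"


def refresh_via_other_appliance(shared):
    """Issue a token on the Ansible appliance, then use it on a UI appliance
    (what happens when the API URL points at a different node)."""
    common = TokenStore()
    ansible = Appliance("ansible-worker", common if shared else TokenStore())
    ui = Appliance("ui-1", common if shared else TokenStore())
    token = ansible.login("admin")
    # The issuing appliance accepts its own token in both configurations.
    assert ansible.api_request(token)[0] == 200
    return ui.api_request(token)


if __name__ == "__main__":
    for shared in (False, True):
        label = "shared store" if shared else "per-appliance cache"
        print(label, refresh_via_other_appliance(shared)[0])
```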

Comment 2 Tim Wade 2017-06-08 15:46:27 UTC
Marked https://github.com/ManageIQ/manageiq/pull/14947 fine/yes to resolve this

Comment 4 Dave Johnson 2017-06-12 20:38:59 UTC
*** Bug 1459188 has been marked as a duplicate of this bug. ***

Comment 5 Dmitry Misharov 2018-01-09 15:39:59 UTC
Fixed and verified in 5.9.0.15.20180103231404_ee61a82. Ansible service can be successfully provisioned on multiappliance setup using this guide https://access.redhat.com/articles/3055801.