Bug 1639907
Summary: | "foreman-rake ldap:refresh_usergroups" via cli is not working as expected | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Waldirio M Pinheiro <wpinheir> | ||||
Component: | Users & Roles | Assignee: | satellite6-bugs <satellite6-bugs> | ||||
Status: | CLOSED ERRATA | QA Contact: | Radovan Drazny <rdrazny> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 6.3.4 | CC: | ajoseph, bbuckingham, brian.h.nguyen, cpatters, dhlavacd, dlobatog, macr2010, mariuszbrc, mhulan, mkalyat, mmccune, ptrivedi, ramesh.daryani, sadas, saydas | ||||
Target Milestone: | 6.6.0 | Keywords: | Triaged | ||||
Target Release: | Unused | ||||||
Hardware: | All | ||||||
OS: | All | ||||||
Whiteboard: | |||||||
Fixed In Version: | foreman-1.18.0.43-1 | Doc Type: | If docs needed, set a value | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | |||||||
: | 1756043 1793640 (view as bug list) | Environment: | |||||
Last Closed: | 2019-10-22 19:48:37 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Waldirio M Pinheiro
2018-10-16 21:52:45 UTC
Created attachment 1544591 [details]
foreman-tail output
foreman-tail logs during foreman-rake call. I see this when I run the command line `/usr/sbin/foreman-rake ldap:refresh_usergroups` or when I authenticate with an LDAP user.
We are hitting this bug as well with Satellite 6.4.2. I added our debug logs as attachments. Our LDAP auth works correctly, but the usergroup sync doesn't work when using the foreman-rake task or when logging into the web interface. The only way to refresh the usergroups is to use the web interface to manually refresh the usergroups one at a time. Below is the direct output when running the foreman-rake test: [root@satellite-test ~]# /usr/sbin/foreman-rake ldap:refresh_usergroups /usr/share/foreman/lib/foreman.rb:8: warning: already initialized constant Foreman::UUID_REGEXP /usr/share/foreman/lib/foreman.rb:8: warning: previous definition of UUID_REGEXP was here /usr/share/foreman/lib/core_extensions.rb:182: warning: already initialized constant ActiveSupport::MessageEncryptor::DEFAULT_CIPHER /opt/theforeman/tfm-ror51/root/usr/share/gems/gems/activesupport-5.1.6/lib/active_support/message_encryptor.rb:22: warning: previous definition of DEFAULT_CIPHER was here /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.7.0.46/app/models/katello/concerns/content_facet_host_extensions.rb:7: warning: already initialized constant Katello::Concerns::ContentFacetHostExtensions::ERRATA_STATUS_MAP /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.7.0.46/app/models/katello/concerns/content_facet_host_extensions.rb:7: warning: previous definition of ERRATA_STATUS_MAP was here /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.7.0.46/app/models/katello/concerns/content_facet_host_extensions.rb:14: warning: already initialized constant Katello::Concerns::ContentFacetHostExtensions::TRACE_STATUS_MAP /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.7.0.46/app/models/katello/concerns/content_facet_host_extensions.rb:14: warning: previous definition of TRACE_STATUS_MAP was here /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.7.0.46/app/models/katello/concerns/subscription_facet_host_extensions.rb:13: warning: already initialized constant Katello::Concerns::SubscriptionFacetHostExtensions::SUBSCRIPTION_STATUS_MAP /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.7.0.46/app/models/katello/concerns/subscription_facet_host_extensions.rb:13: warning: previous definition of SUBSCRIPTION_STATUS_MAP was here Waldirio, would it be possible to get access to your reproducer? I have a feeling this may be actually https://projects.theforeman.org/issues/26831, the patch would be trivial to test https://patch-diff.githubusercontent.com/raw/theforeman/foreman/pull/6772.diff if you or your customer is interested. Mac, I looked at your logs which showed different error, looking more https://projects.theforeman.org/issues/24497, where it turned out user had netgroups enabled for non netgroups use. Can you double check that? But then most likely you will start hitting the same as above. Mac, also this is related to your logs https://projects.theforeman.org/issues/25840 - fixed in 6.5 Hello all I'll test on 6.5 and will post the results here. Thank you! Best Regards -- Waldirio M Pinheiro | Senior Software Maintenance Engineer I have tested and can confirm that it's working on Satellite 6.6.0 Beta. We have recently updated our satellite and capsule servers to 6.5.2.1. Kindly confirm when will version 6.6.0 be out for public use? Regards, Ramesh Daryani Ramesh, If you had seen the update from Marek Hulan, earlier i.e. ~~~~~~~~~~~~~~~~~~~~~~ I have a feeling this may be actually https://projects.theforeman.org/issues/26831, the patch would be trivial to test https://patch-diff.githubusercontent.com/raw/theforeman/foreman/pull/6772.diff if you or your customer is interested. ~~~~~~~~~~~~~~~~~~~~~~ This is already delivered on Satellite 6.6 Public beta and seems to be working as it was expected. We will test the patch "https://patch-diff.githubusercontent.com/raw/theforeman/foreman/pull/6772.diff" on Satellite 6.5 and update here if that gives me a positive result. Meanwhile, Your patience will be appreciated. Regards, Sayan This landed upstream in 1.22 which is the basis for 6.6. Moving ON_QA for verification. *** Satellite 6.4.4 Hotfix Available *** 1) Download http://people.redhat.com/~mmccune/hotfix/HOTFIXRHBZ1639907.tar to your Satellite 2) Unpack and Install: tar cvf HOTFIXRHBZ1639907.tar rpm -Uvh foreman*.rpm 3) restart: satellite-maintain service restart 4) resume operations and verify ldap refresh functions properly Tested on Satelllite 6.6 Snap 22 using the reproducer from the initial report and comment #1. hammer> user-group info --id 8 Id: 8 Name: ADGroup2 Admin: yes Users: User groups: External user groups: foobargroup Roles: Created at: 2019/09/26 11:47:58 Updated at: 2019/09/26 11:47:58 ["foreman-rake ldap:refresh_usergroups" run in other terminal. No errors in the terminal or a log.> hammer> user-group info --id 8 Id: 8 Name: ADGroup2 Admin: yes Users: foobar User groups: External user groups: foobargroup Roles: Created at: 2019/09/26 11:47:58 Updated at: 2019/09/26 11:47:58 The user group mapped to an external group on a AD server gets updated successfully after running foreman-rake ldap:refresh_usergroups. VERIFIED Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:3172 |