Bug 1459674 - manageiq.api_token failing in playbook when using a multi-appliance deployment
Summary: manageiq.api_token failing in playbook when using a multi-appliance deployment
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Appliance
Version: 5.8.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: GA
: 5.9.0
Assignee: Tim Wade
QA Contact: Kedar Kulkarni
URL:
Whiteboard:
: 1459188 (view as bug list)
Depends On:
Blocks: 1460348
TreeView+ depends on / blocked
 
Reported: 2017-06-07 18:49 UTC by Jerome Marc
Modified: 2018-03-27 14:55 UTC (History)
6 users (show)

Fixed In Version: 5.9.0.1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1460348 (view as bug list)
Environment:
Last Closed: 2018-03-06 15:03:01 UTC
Category: ---
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Jerome Marc 2017-06-07 18:49:19 UTC 
Description of problem:
I am getting the following issue when refreshing VMware provider from a playbook  (implementing example from https://access.redhat.com/articles/3055801).
I am running out of a large deployment, LB + 2 UI + many workers, with one dedicated to Ansible.
As far as I can see (from the error), the manageiq.api_url returned is incorrect, and as such the api_token fails.

TASK [Refresh provider in CloudForms] ******************************************
fatal: [localhost]: FAILED! => {"cache_control": "no-cache", "changed": false, "connection": "close", "content": "{\"error\":{\"kind\":\"unauthorized\",\"message\":\"Invalid Authentication Token 5c384bc500c960508d33293b4bc795a4 specified\",\"klass\":\"Api::AuthenticationError\"}}", "content_security_policy": "default-src 'self'; connect-src 'self'; frame-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self'; report-uri /dashboard/csp_report", "content_type": "application/json; charset=utf-8", "date": "Wed, 07 Jun 2017 16:28:34 GMT", "failed": true, "json": {"error": {"kind": "unauthorized", "klass": "Api::AuthenticationError", "message": "Invalid Authentication Token 5c384bc500c960508d33293b4bc795a4 specified"}}, "msg": "Status code was not [200]: HTTP Error 401: Unauthorized", "redirected": false, "server": "Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.1e-fips mod_auth_kerb/5.4", "status": 401, "strict_transport_security": "max-age=631152000", "transfer_encoding": "chunked", "url": "https://10.9.62.73/api/providers/10000000000001", "x_content_type_options": "nosniff", "x_download_options": "noopen", "x_frame_options": "SAMEORIGIN", "x_permitted_cross_domain_policies": "none", "x_request_id": "09559f42-5618-47c3-a2ee-33c18f938b6e", "x_runtime": "0.008547", "x_xss_protection": "1; mode=block"}


Version-Release number of selected component (if applicable):
5.8.0.17.20170525183055_6317a22 

How reproducible:
Always

Steps to Reproduce:
1. Follow the steps in https://access.redhat.com/articles/3055801 (this assumes you have a multi-appliance setup)
2. Order the service


Actual results:
Invalid Authentication Token

Expected results:
Authentication should work

Additional info:
First comments from Engineering: problem could be that Authentication is failing because the token is stored in memcached as opposed to the Postgres.
It was fixed in this PR: https://github.com/ManageIQ/manageiq/pull/14947
Comment 2 Tim Wade 2017-06-08 15:46:27 UTC 
Marked https://github.com/ManageIQ/manageiq/pull/14947 fine/yes to resolve this
Comment 4 Dave Johnson 2017-06-12 20:38:59 UTC 
*** Bug 1459188 has been marked as a duplicate of this bug. ***
Comment 5 Dmitry Misharov 2018-01-09 15:39:59 UTC 
Fixed and verified in 5.9.0.15.20180103231404_ee61a82. Ansible service can be successfully provisioned on multiappliance setup using this guide https://access.redhat.com/articles/3055801.
Note You need to log in before you can comment on or make changes to this bug.