Bug 1771425 - Keycloak httpd configuration lost after installer run
Summary: Keycloak httpd configuration lost after installer run
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Authentication
Version: 6.7.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: 6.7.0
Assignee: Ewoud Kohl van Wijngaarden
QA Contact: Omkar Khatavkar
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-11-12 10:56 UTC by Nikhil Kathole
Modified: 2020-04-14 13:27 UTC (History)
6 users (show)

Fixed In Version: foreman-installer-1.24.1.13-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-14 13:27:10 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 28436 0 Normal Closed Add Keycloak authentication support 2020-11-24 12:33:20 UTC
Github theforeman puppet-foreman pull 779 0 None closed Fixes #28436 - Add keycloak support 2020-11-24 12:33:20 UTC
Red Hat Product Errata RHSA-2020:1454 0 None None None 2020-04-14 13:27:20 UTC

Description Nikhil Kathole 2019-11-12 10:56:39 UTC 
Description of problem:

Keycloak integation with satellite is based on /etc/httpd/conf.d/foreman-openidc_oidc_keycloak_Example.conf generated by 
keycloak-httpd-client-install --app-name foreman-openidc --keycloak-server-url "{{ RHSSO_URL }}" --keycloak-admin-username "{{ RHSSO_USER }}" --keycloak-admin-password password.txt --keycloak-realm "{{ RHSSO_REALM }}" --keycloak-admin-realm master --keycloak-auth-role root-admin -t openidc -l /users/extlogin --tls-verify false --force

But the configuration lost after installer run.


Version-Release number of selected component (if applicable):
Satellite 6.7 snap 1


How reproducible:
always

Steps to Reproduce:
1. Setup keycloak  integration with satellite
2. Run installer/upgrade
3. See integration lost

Actual results:
Before:
# ls /etc/httpd/conf.d/
03-crane.conf                  05-foreman-ssl.conf  foreman-openidc_oidc_keycloak_Example.conf  pulp_docker.conf  pulp_rpm.conf
05-foreman.conf                05-foreman-ssl.d     passenger.conf                              pulp_iso.conf     pulp_streamer.conf
05-foreman.d                   15-default.conf      pulp.conf                                   pulp_ostree.conf  pulp-vhosts80
05-foreman_proxy_content.conf  auth_openidc.conf    pulp_content.conf                           pulp_puppet.conf  ssl.conf

After:
# ls /etc/httpd/conf.d/
03-crane.conf    05-foreman_proxy_content.conf  15-default.conf  pulp_content.conf  pulp_ostree.conf  pulp_streamer.conf
05-foreman.conf  05-foreman-ssl.conf            passenger.conf   pulp_docker.conf   pulp_puppet.conf  pulp-vhosts80
05-foreman.d     05-foreman-ssl.d               pulp.conf        pulp_iso.conf      pulp_rpm.conf     ssl.conf


Expected results:
Configuration should not lost, 

Additional info:
Comment 4 Rahul Bajaj 2019-12-12 15:37:14 UTC 
Hello Marek,

Sorry for the late reply! Ewoud is working on the installer part. 
He has a draft PR created on github, one can track the PR here: https://github.com/theforeman/puppet-foreman/pull/779

Thanks,
Comment 5 Rahul Bajaj 2020-01-20 04:45:57 UTC 
Hello, 

From what I understand, other parts of installer are yet broken, once those are fixed, Ewoud would have a better hold on this issue.

Thanks,
Comment 6 Bryan Kearney 2020-03-02 15:02:10 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/28436 has been resolved.
Comment 14 errata-xmlrpc 2020-04-14 13:27:10 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1454
Note You need to log in before you can comment on or make changes to this bug.