Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 869320

Summary: Initial configuration fails if using LDAP
Product: Red Hat Satellite Reporter: Og Maciel <omaciel>
Component: InstallationAssignee: Jordan OMara <jomara>
Status: CLOSED WORKSFORME QA Contact: Katello QA List <katello-qa-list>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.0.1CC: athomas, aweiteka, inecas, jomara, mmccune, tomckay
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-11-05 21:04:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 816564    

Description Og Maciel 2012-10-23 15:15:52 UTC 
Description of problem:

katello-configure fails if you use LDAP authentication

Version-Release number of selected component (if applicable):

* candlepin-0.7.8.1-1.el6cf.noarch
* candlepin-selinux-0.7.8.1-1.el6cf.noarch
* candlepin-tomcat6-0.7.8.1-1.el6cf.noarch
* katello-1.1.12-17.el6cf.noarch
* katello-all-1.1.12-17.el6cf.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.1.8-1.el6cf.noarch
* katello-cli-1.1.8-9.el6cf.noarch
* katello-cli-common-1.1.8-9.el6cf.noarch
* katello-common-1.1.12-17.el6cf.noarch
* katello-configure-1.1.9-8.el6cf.noarch
* katello-glue-candlepin-1.1.12-17.el6cf.noarch
* katello-glue-pulp-1.1.12-17.el6cf.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-1.1.1-2.el6cf.noarch
* pulp-1.1.14-1.el6cf.noarch
* pulp-common-1.1.14-1.el6cf.noarch
* pulp-selinux-server-1.1.14-1.el6cf.noarch

How reproducible:


Steps to Reproduce:
1. katello-configure --deployment=cfse --user-name=admin --user-pass=admin --user-email=<email> --org-name='CFSE QE' --ldap-server=<server> --auth-method=ldap --ldap-port=389 --ldap-server-type=':active_directory' --ldap-users-basedn=<foo> --ldap-group-basedn=<bar> --ldap-roles=true --ldap-anon-queries=false --ldap-service-user=admin --ldap-service-pass=admin --ldap-ad-domain=<domain> --reset-data=YES
2.
3.
  
Actual results:

Starting Katello configuration
The top-level log file is [/var/log/katello/katello-configure-20121023-110840/main.log]
err: /Stage[main]/Postgres::Service/Exec[wait-for-postgresql]: Failed to call refresh: Command exceeded timeout at /usr/share/katello/install/puppet/modules/postgres/manifests/service.pp:26
Creating Candlepin database user

  Failed, please check [/var/log/katello/katello-configure/create-postgresql-candlepin-user.log]
  Report errors using # katello-debug tool.
err: /Stage[main]/Candlepin::Config/Postgres::Dropdb[candlepin]/Sqlexec[dropdb-candlepin]/Exec[psql -h localhost --username=postgres postgres -c "DROP DATABASE candlepin;" >> /var/log/katello/katello-configure/drop-postgresql-candlepin-database.log 2>&1]: Failed to call refresh: psql -h localhost --username=postgres postgres -c "DROP DATABASE candlepin;" >> /var/log/katello/katello-configure/drop-postgresql-candlepin-database.log 2>&1 returned 2 instead of one of [0] at /usr/share/katello/install/puppet/modules/postgres/manifests/sqlexec.pp:16
Creating Katello database user

  Failed, please check [/var/log/katello/katello-configure/create-postgresql-katello-user.log]
  Report errors using # katello-debug tool.
err: /Stage[main]/Katello::Config/Postgres::Dropdb[katelloschema]/Sqlexec[dropdb-katelloschema]/Exec[psql -h localhost --username=postgres postgres -c "DROP DATABASE katelloschema;" >> /var/log/katello/katello-configure/drop-postgresql-katello-database.log 2>&1]: Failed to call refresh: psql -h localhost --username=postgres postgres -c "DROP DATABASE katelloschema;" >> /var/log/katello/katello-configure/drop-postgresql-katello-database.log 2>&1 returned 2 instead of one of [0] at /usr/share/katello/install/puppet/modules/postgres/manifests/sqlexec.pp:16

Expected results:


Additional info:
Comment 2 Og Maciel 2012-10-23 18:18:55 UTC 
Ivan had asked me to try the same setup using puddle #5 and sure enough that also failed for me... however, and I am **100%** sure about this, I had tried this with puddle #5 and it worked! The difference seems to be that, back then I had already configured my system without LDAP and then re-ran katello-configure to use LDAP.

Also, seems that once I ran my configuration with LDAP, I could not re-run it without LDAP anymore, as the configuration also broke.  To (hopefully) be clear:

Puddle #5
---------

* Initial katello-configure with ldap failed... attempts to run katello-configure with or without ldap worked afterward
* Initial katello-configure without ldap worked... re-run katello-configure with ldap worked afterward

Puddle #6
---------
* Initial katello-configure with ldap failed... attempts to run katello-configure also failed
* Initial katello-configure without ldap worked... re-run katello-configure with ldap also failed afterward


The error during the second configuration using ldap showed:
Starting Katello configuration
The top-level log file is [/var/log/katello/katello-configure-20121023-134200/main.log]
Creating Katello database
############################################################ ... OK
Populating Katello database schema
############################################################ ... OK
Initializing Katello data
###########################################################
  Failed, please check [/var/log/katello/katello-configure/db_seed.log]
  Report errors using # katello-debug tool.
Initializing Katello data
###########################################################
  Failed, please check [/var/log/katello/katello-configure/db_seed.log]
  Report errors using # katello-debug tool.
Comment 4 Og Maciel 2012-10-23 19:51:50 UTC 
Tried the same exact installation and configuration several times... the last 2 times everything worked w/o a glitch.
Comment 5 Jordan OMara 2012-10-24 14:18:33 UTC 
I get a different error about candlepin database:

121024-09:54:15 err: /Stage[main]/Candlepin::Config/Postgres::Dropdb[candlepin]/Sqlexec[dropdb-candlepin]/Exec[psql -h localhost --username=postgres postgres -c "DROP DATABASE candlepin;" >> /var/log/katello/katello-configure/drop-postgresql-candlepin-database.log 2>&1]: Failed to call refresh: psql -h localhost --username=postgres postgres -c "DROP DATABASE candlepin;" >> /var/log/katello/katello-configure/drop-postgresql-candlepin-database.log 2>&1 returned 1 instead of one of [0] at /usr/share/katello/install/puppet/modules/postgres/manifests/sqlexec.pp:16


However, it is because of the --reset-data flag. If this is set on a CLEAN run, you will get an innocuous error about the candlepin db not existing. This is because reset-data forces a candlepin db drop even if it does not exist.

After configuration, despite this error, my installation succeeded and connected to Active Directory correctly
Comment 6 Jordan OMara 2012-10-24 19:28:01 UTC 
The above error is just because of the --reset-data flag. I have tried several times to generate other errors with various ldap configs and cannot; each time I get a working CFSE hooked up to Og's AD server as expected
Comment 7 Mike McCune 2013-08-16 18:14:06 UTC 
getting rid of 6.0.0 version since that doesn't exist