869320 – Initial configuration fails if using LDAP

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 869320 - Initial configuration fails if using LDAP

Summary: Initial configuration fails if using LDAP

Keywords:
Status:	CLOSED WORKSFORME
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Installation
Sub Component:
Version:	6.0.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	Unspecified
Assignee:	Jordan OMara
QA Contact:	Katello QA List
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	sam12-tracker
TreeView+	depends on / blocked

Reported:	2012-10-23 15:15 UTC by Og Maciel
Modified:	2014-11-09 22:56 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-11-05 21:04:40 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Og Maciel 2012-10-23 15:15:52 UTC

Description of problem:

katello-configure fails if you use LDAP authentication

Version-Release number of selected component (if applicable):

* candlepin-0.7.8.1-1.el6cf.noarch
* candlepin-selinux-0.7.8.1-1.el6cf.noarch
* candlepin-tomcat6-0.7.8.1-1.el6cf.noarch
* katello-1.1.12-17.el6cf.noarch
* katello-all-1.1.12-17.el6cf.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.1.8-1.el6cf.noarch
* katello-cli-1.1.8-9.el6cf.noarch
* katello-cli-common-1.1.8-9.el6cf.noarch
* katello-common-1.1.12-17.el6cf.noarch
* katello-configure-1.1.9-8.el6cf.noarch
* katello-glue-candlepin-1.1.12-17.el6cf.noarch
* katello-glue-pulp-1.1.12-17.el6cf.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-1.1.1-2.el6cf.noarch
* pulp-1.1.14-1.el6cf.noarch
* pulp-common-1.1.14-1.el6cf.noarch
* pulp-selinux-server-1.1.14-1.el6cf.noarch

How reproducible:


Steps to Reproduce:
1. katello-configure --deployment=cfse --user-name=admin --user-pass=admin --user-email=<email> --org-name='CFSE QE' --ldap-server=<server> --auth-method=ldap --ldap-port=389 --ldap-server-type=':active_directory' --ldap-users-basedn=<foo> --ldap-group-basedn=<bar> --ldap-roles=true --ldap-anon-queries=false --ldap-service-user=admin --ldap-service-pass=admin --ldap-ad-domain=<domain> --reset-data=YES
2.
3.
  
Actual results:

Starting Katello configuration
The top-level log file is [/var/log/katello/katello-configure-20121023-110840/main.log]
err: /Stage[main]/Postgres::Service/Exec[wait-for-postgresql]: Failed to call refresh: Command exceeded timeout at /usr/share/katello/install/puppet/modules/postgres/manifests/service.pp:26
Creating Candlepin database user

  Failed, please check [/var/log/katello/katello-configure/create-postgresql-candlepin-user.log]
  Report errors using # katello-debug tool.
err: /Stage[main]/Candlepin::Config/Postgres::Dropdb[candlepin]/Sqlexec[dropdb-candlepin]/Exec[psql -h localhost --username=postgres postgres -c "DROP DATABASE candlepin;" >> /var/log/katello/katello-configure/drop-postgresql-candlepin-database.log 2>&1]: Failed to call refresh: psql -h localhost --username=postgres postgres -c "DROP DATABASE candlepin;" >> /var/log/katello/katello-configure/drop-postgresql-candlepin-database.log 2>&1 returned 2 instead of one of [0] at /usr/share/katello/install/puppet/modules/postgres/manifests/sqlexec.pp:16
Creating Katello database user

  Failed, please check [/var/log/katello/katello-configure/create-postgresql-katello-user.log]
  Report errors using # katello-debug tool.
err: /Stage[main]/Katello::Config/Postgres::Dropdb[katelloschema]/Sqlexec[dropdb-katelloschema]/Exec[psql -h localhost --username=postgres postgres -c "DROP DATABASE katelloschema;" >> /var/log/katello/katello-configure/drop-postgresql-katello-database.log 2>&1]: Failed to call refresh: psql -h localhost --username=postgres postgres -c "DROP DATABASE katelloschema;" >> /var/log/katello/katello-configure/drop-postgresql-katello-database.log 2>&1 returned 2 instead of one of [0] at /usr/share/katello/install/puppet/modules/postgres/manifests/sqlexec.pp:16

Expected results:


Additional info:

Comment 2 Og Maciel 2012-10-23 18:18:55 UTC

Ivan had asked me to try the same setup using puddle #5 and sure enough that also failed for me... however, and I am **100%** sure about this, I had tried this with puddle #5 and it worked! The difference seems to be that, back then I had already configured my system without LDAP and then re-ran katello-configure to use LDAP.

Also, seems that once I ran my configuration with LDAP, I could not re-run it without LDAP anymore, as the configuration also broke. To (hopefully) be clear:

Puddle #5
---------

* Initial katello-configure with ldap failed... attempts to run katello-configure with or without ldap worked afterward
* Initial katello-configure without ldap worked... re-run katello-configure with ldap worked afterward

Puddle #6
---------
* Initial katello-configure with ldap failed... attempts to run katello-configure also failed
* Initial katello-configure without ldap worked... re-run katello-configure with ldap also failed afterward

The error during the second configuration using ldap showed:
Starting Katello configuration
The top-level log file is [/var/log/katello/katello-configure-20121023-134200/main.log]
Creating Katello database
############################################################ ... OK
Populating Katello database schema
############################################################ ... OK
Initializing Katello data
###########################################################
Failed, please check [/var/log/katello/katello-configure/db_seed.log]
Report errors using # katello-debug tool.
Initializing Katello data
###########################################################
Failed, please check [/var/log/katello/katello-configure/db_seed.log]
Report errors using # katello-debug tool.

Comment 4 Og Maciel 2012-10-23 19:51:50 UTC

Tried the same exact installation and configuration several times... the last 2 times everything worked w/o a glitch.

Comment 5 Jordan OMara 2012-10-24 14:18:33 UTC

I get a different error about candlepin database:

121024-09:54:15 err: /Stage[main]/Candlepin::Config/Postgres::Dropdb[candlepin]/Sqlexec[dropdb-candlepin]/Exec[psql -h localhost --username=postgres postgres -c "DROP DATABASE candlepin;" >> /var/log/katello/katello-configure/drop-postgresql-candlepin-database.log 2>&1]: Failed to call refresh: psql -h localhost --username=postgres postgres -c "DROP DATABASE candlepin;" >> /var/log/katello/katello-configure/drop-postgresql-candlepin-database.log 2>&1 returned 1 instead of one of [0] at /usr/share/katello/install/puppet/modules/postgres/manifests/sqlexec.pp:16


However, it is because of the --reset-data flag. If this is set on a CLEAN run, you will get an innocuous error about the candlepin db not existing. This is because reset-data forces a candlepin db drop even if it does not exist.

After configuration, despite this error, my installation succeeded and connected to Active Directory correctly

Comment 6 Jordan OMara 2012-10-24 19:28:01 UTC

The above error is just because of the --reset-data flag. I have tried several times to generate other errors with various ldap configs and cannot; each time I get a working CFSE hooked up to Og's AD server as expected

Comment 7 Mike McCune 2013-08-16 18:14:06 UTC

getting rid of 6.0.0 version since that doesn't exist

Note You need to log in before you can comment on or make changes to this bug.