976578 – 401 Unauthorized from foreman during katello-configure

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 976578 - 401 Unauthorized from foreman during katello-configure

Summary: 401 Unauthorized from foreman during katello-configure

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Provisioning
Sub Component:
Version:	6.0.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	Unspecified
Assignee:	Dominic Cleal
QA Contact:	Og Maciel
Docs Contact:
URL:	http://projects.theforeman.org/issues...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-06-20 21:35 UTC by Brad Buckingham
Modified:	2019-09-26 15:47 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-07-18 21:23:37 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	2686	0	Urgent	Closed	foreman-config doesn't change boolean settings	2020-07-29 12:24:11 UTC

Description Brad Buckingham 2013-06-20 21:35:46 UTC

Description of problem:

Unable to successfully install/configure Satellite 6 from brewroot.

Version-Release number of selected component (if applicable):

# rpm -qa|grep foreman
foreman-installer-puppet-foreman-0-6.568c5c4.el6sat.noarch
foreman-installer-puppet-puppet-0-3.ab46748.el6sat.noarch
foreman-installer-puppet-xinetd-0-50a267b8.git.0.44aca6a.el6sat.noarch
foreman-installer-puppet-foreman_proxy-0-8.bd1e35d.el6sat.noarch
foreman-postgresql-1.1.10013-1.noarch
foreman-proxy-installer-1.0.1-10.f5ae2cd.el6sat.noarch
foreman-installer-puppet-dhcp-0-5.3a4a13c.el6sat.noarch
foreman-installer-puppet-tftp-0-5.ea6c5e5.el6sat.noarch
foreman-installer-puppet-concat-0-2.d776701.git.0.21ef926.el6sat.noarch
katello-configure-foreman-1.4.3-16.el6sat.noarch
foreman-1.1.10013-1.noarch
ruby193-rubygem-katello-foreman-engine-0.0.3-6.el6sat.noarch
foreman-proxy-1.1.10003-1.el6sat.noarch
ruby193-rubygem-foreman-katello-engine-0.0.8-6.el6sat.noarch
katello-foreman-all-1.4.2-17.el6sat.noarch
ruby193-rubygem-foreman_api-0.1.3-3.el6_4.noarch
foreman-installer-puppet-dns-0-7.fcae203.el6sat.noarch

# rpm -qa|grep katello
katello-common-1.4.2-17.el6sat.noarch
katello-selinux-1.4.3-3.el6sat.noarch
katello-cli-1.4.2-8.el6sat.noarch
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-1.4.2-17.el6sat.noarch
katello-certs-tools-1.4.2-2.el6sat.noarch
katello-all-1.4.2-17.el6sat.noarch
ruby193-rubygem-katello_api-0.0.3-2.el6_4.noarch
katello-cli-common-1.4.2-8.el6sat.noarch
katello-glue-elasticsearch-1.4.2-17.el6sat.noarch
katello-configure-1.4.3-16.el6sat.noarch
katello-configure-foreman-1.4.3-16.el6sat.noarch
katello-qpid-broker-key-pair-1.0-1.noarch
ruby193-rubygem-katello-foreman-engine-0.0.3-6.el6sat.noarch
ruby193-rubygem-foreman-katello-engine-0.0.8-6.el6sat.noarch
signo-katello-0.0.19-1.el6sat.noarch
katello-foreman-all-1.4.2-17.el6sat.noarch
katello-glue-candlepin-1.4.2-17.el6sat.noarch
katello-glue-pulp-1.4.2-17.el6sat.noarch
katello-qpid-client-key-pair-1.0-1.noarch


How reproducible:
always

Steps to Reproduce:
1. set up sat6.repo to point to brewroot
2. yum install katello-foreman-all
3. katello-configure user-pass=admin

Actual results:

1. katello-configure succeeds.

2. Observe a several 401 Unauthorized errors in the foreman production.log.  For example:

Started GET "/foreman/api" for 127.0.0.1 at 2013-06-20 17:19:42 -0400
Processing by Api::V1::HomeController#index as JSON
  Rendered api/v1/errors/unauthorized.json.rabl (126.7ms)
Filter chain halted as :authorize rendered or redirected
Completed 401 Unauthorized in 329ms (Views: 289.7ms | ActiveRecord: 0.0ms)


Started GET "/foreman/api" for 127.0.0.1 at 2013-06-20 17:19:43 -0400
Processing by Api::V1::HomeController#index as JSON
  Rendered api/v1/errors/unauthorized.json.rabl (1.0ms)
Filter chain halted as :authorize rendered or redirected
Completed 401 Unauthorized in 3ms (Views: 2.4ms | ActiveRecord: 0.0ms)
Connecting to database specified by database.yml
Connecting to database specified by database.yml
Fog is not installed - unable to manage compute resources
Fog is not installed - unable to manage compute resources

...
...

3. Log in to the katello UI and observed a couple of error notices:

Failed to perform additional action KatelloForemanEngine::Actions::UserCreate: 401 Unauthorized

Failed to perform additional action KatelloForemanEngine::Actions::OrgCreate: 401 Unauthorized

4. Attempt to go to 'Provisioning', redirects to signo login; therefore, SSO not functioning.

Expected results:

No Errors observed

Additional info:

Comment 2 Dominic Cleal 2013-06-20 22:00:49 UTC

foreman-config hasn't initialised some settings correctly, namely all of the booleans:

irb(main):001:0> Setting.find_by_name('oauth_active').value
  Setting Load (1.0ms)  SELECT "settings".* FROM "settings" WHERE "settings"."name" = 'oauth_active' ORDER BY name LIMIT 1
=> false
irb(main):002:0> Setting.find_by_name('signo_sso').value
  Setting Load (1.6ms)  SELECT "settings".* FROM "settings" WHERE "settings"."name" = 'signo_sso' ORDER BY name LIMIT 1
=> false

But string values are correctly set up:

irb(main):003:0> Setting.find_by_name('signo_url').value
  Setting Load (0.8ms)  SELECT "settings".* FROM "settings" WHERE "settings"."name" = 'signo_url' ORDER BY name LIMIT 1
=> "https://dhcp129-198.rdu.redhat.com/signo"

Running `foreman-config -k oauth_active -v true` doesn't update the value.

This is due to the fix for upstream #2343 (https://github.com/theforeman/foreman/pull/637), which changed the interface to the setting model when passing in strings.  The settings controller was updated, but not foreman-config.

Comment 3 Dominic Cleal 2013-06-20 22:11:53 UTC

PR open: https://github.com/theforeman/foreman/pull/735

Workaround:
1. cd ~foreman && curl https://github.com/theforeman/foreman/pull/735.patch | patch -p1
2. re-run katello-configure

To verify, when visiting https://fqdn/foreman/, you should get redirected to Signo and be able to log in, whereas before it would display Foreman's own login page.

Comment 4 Brad Buckingham 2013-06-21 12:59:42 UTC

Mass move to ON_QA

Comment 5 Og Maciel 2013-06-22 02:33:30 UTC

Verified:
* apr-util-ldap-1.3.9-3.el6_0.1.x86_64
* candlepin-0.8.9-1.el6_4.noarch
* candlepin-scl-1-5.el6_4.noarch
* candlepin-scl-quartz-2.1.5-5.el6_4.noarch
* candlepin-scl-rhino-1.7R3-1.el6_4.noarch
* candlepin-scl-runtime-1-5.el6_4.noarch
* candlepin-selinux-0.8.9-1.el6_4.noarch
* candlepin-tomcat6-0.8.9-1.el6_4.noarch
* elasticsearch-0.19.9-8.el6sat.noarch
* foreman-1.1.10014-1.noarch
* foreman-compute-1.1.10014-1.noarch
* foreman-installer-puppet-concat-0-2.d776701.git.0.21ef926.el6sat.noarch
* foreman-installer-puppet-dhcp-0-5.3a4a13c.el6sat.noarch
* foreman-installer-puppet-dns-0-7.fcae203.el6sat.noarch
* foreman-installer-puppet-foreman-0-6.568c5c4.el6sat.noarch
* foreman-installer-puppet-foreman_proxy-0-8.bd1e35d.el6sat.noarch
* foreman-installer-puppet-puppet-0-3.ab46748.el6sat.noarch
* foreman-installer-puppet-tftp-0-5.ea6c5e5.el6sat.noarch
* foreman-installer-puppet-xinetd-0-50a267b8.git.0.44aca6a.el6sat.noarch
* foreman-libvirt-1.1.10014-1.noarch
* foreman-postgresql-1.1.10014-1.noarch
* foreman-proxy-1.1.10003-1.el6sat.noarch
* foreman-proxy-installer-1.0.1-10.f5ae2cd.el6sat.noarch
* katello-1.4.2-17.el6sat.noarch
* katello-all-1.4.2-17.el6sat.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.4.2-2.el6sat.noarch
* katello-cli-1.4.2-8.el6sat.noarch
* katello-cli-common-1.4.2-8.el6sat.noarch
* katello-common-1.4.2-17.el6sat.noarch
* katello-configure-1.4.3-16.el6sat.noarch
* katello-configure-foreman-1.4.3-16.el6sat.noarch
* katello-foreman-all-1.4.2-17.el6sat.noarch
* katello-glue-candlepin-1.4.2-17.el6sat.noarch
* katello-glue-elasticsearch-1.4.2-17.el6sat.noarch
* katello-glue-pulp-1.4.2-17.el6sat.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-1.4.3-3.el6sat.noarch
* openldap-2.4.23-31.el6.x86_64
* pulp-rpm-plugins-2.1.2-1.el6sat.noarch
* pulp-selinux-2.1.2-1.el6sat.noarch
* pulp-server-2.1.2-1.el6sat.noarch
* python-ldap-2.3.10-1.el6.x86_64
* ruby193-rubygem-ldap_fluff-0.2.2-1.el6sat.noarch
* ruby193-rubygem-net-ldap-0.3.1-2.el6sat.noarch
* ruby193-rubygem-runcible-0.4.10-1.el6sat.noarch
* signo-0.0.19-1.el6sat.noarch
* signo-katello-0.0.19-1.el6sat.noarch

Comment 6 Mike McCune 2013-07-18 21:23:37 UTC

mass move to CLOSED:CURRENTRELEASE since MDP1 has been released.

Note You need to log in before you can comment on or make changes to this bug.