976578 – 401 Unauthorized from foreman during katello-configure

Bug 976578 - 401 Unauthorized from foreman during katello-configure

Summary: 401 Unauthorized from foreman during katello-configure

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Provisioning
Sub Component:
Version:	6.0.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	Unspecified
Assignee:	Dominic Cleal
QA Contact:	Og Maciel
Docs Contact:
URL:	http://projects.theforeman.org/issues...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-06-20 21:35 UTC by Brad Buckingham
Modified:	2019-09-26 15:47 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-07-18 21:23:37 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	2686	0	Urgent	Closed	foreman-config doesn't change boolean settings	2020-07-29 12:24:11 UTC

Description Brad Buckingham 2013-06-20 21:35:46 UTC

Description of problem:

Unable to successfully install/configure Satellite 6 from brewroot.

Version-Release number of selected component (if applicable):

# rpm -qa|grep foreman
foreman-installer-puppet-foreman-0-6.568c5c4.el6sat.noarch
foreman-installer-puppet-puppet-0-3.ab46748.el6sat.noarch
foreman-installer-puppet-xinetd-0-50a267b8.git.0.44aca6a.el6sat.noarch
foreman-installer-puppet-foreman_proxy-0-8.bd1e35d.el6sat.noarch
foreman-postgresql-1.1.10013-1.noarch
foreman-proxy-installer-1.0.1-10.f5ae2cd.el6sat.noarch
foreman-installer-puppet-dhcp-0-5.3a4a13c.el6sat.noarch
foreman-installer-puppet-tftp-0-5.ea6c5e5.el6sat.noarch
foreman-installer-puppet-concat-0-2.d776701.git.0.21ef926.el6sat.noarch
katello-configure-foreman-1.4.3-16.el6sat.noarch
foreman-1.1.10013-1.noarch
ruby193-rubygem-katello-foreman-engine-0.0.3-6.el6sat.noarch
foreman-proxy-1.1.10003-1.el6sat.noarch
ruby193-rubygem-foreman-katello-engine-0.0.8-6.el6sat.noarch
katello-foreman-all-1.4.2-17.el6sat.noarch
ruby193-rubygem-foreman_api-0.1.3-3.el6_4.noarch
foreman-installer-puppet-dns-0-7.fcae203.el6sat.noarch

# rpm -qa|grep katello
katello-common-1.4.2-17.el6sat.noarch
katello-selinux-1.4.3-3.el6sat.noarch
katello-cli-1.4.2-8.el6sat.noarch
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-1.4.2-17.el6sat.noarch
katello-certs-tools-1.4.2-2.el6sat.noarch
katello-all-1.4.2-17.el6sat.noarch
ruby193-rubygem-katello_api-0.0.3-2.el6_4.noarch
katello-cli-common-1.4.2-8.el6sat.noarch
katello-glue-elasticsearch-1.4.2-17.el6sat.noarch
katello-configure-1.4.3-16.el6sat.noarch
katello-configure-foreman-1.4.3-16.el6sat.noarch
katello-qpid-broker-key-pair-1.0-1.noarch
ruby193-rubygem-katello-foreman-engine-0.0.3-6.el6sat.noarch
ruby193-rubygem-foreman-katello-engine-0.0.8-6.el6sat.noarch
signo-katello-0.0.19-1.el6sat.noarch
katello-foreman-all-1.4.2-17.el6sat.noarch
katello-glue-candlepin-1.4.2-17.el6sat.noarch
katello-glue-pulp-1.4.2-17.el6sat.noarch
katello-qpid-client-key-pair-1.0-1.noarch


How reproducible:
always

Steps to Reproduce:
1. set up sat6.repo to point to brewroot
2. yum install katello-foreman-all
3. katello-configure user-pass=admin

Actual results:

1. katello-configure succeeds.

2. Observe a several 401 Unauthorized errors in the foreman production.log.  For example:

Started GET "/foreman/api" for 127.0.0.1 at 2013-06-20 17:19:42 -0400
Processing by Api::V1::HomeController#index as JSON
  Rendered api/v1/errors/unauthorized.json.rabl (126.7ms)
Filter chain halted as :authorize rendered or redirected
Completed 401 Unauthorized in 329ms (Views: 289.7ms | ActiveRecord: 0.0ms)


Started GET "/foreman/api" for 127.0.0.1 at 2013-06-20 17:19:43 -0400
Processing by Api::V1::HomeController#index as JSON
  Rendered api/v1/errors/unauthorized.json.rabl (1.0ms)
Filter chain halted as :authorize rendered or redirected
Completed 401 Unauthorized in 3ms (Views: 2.4ms | ActiveRecord: 0.0ms)
Connecting to database specified by database.yml
Connecting to database specified by database.yml
Fog is not installed - unable to manage compute resources
Fog is not installed - unable to manage compute resources

...
...

3. Log in to the katello UI and observed a couple of error notices:

Failed to perform additional action KatelloForemanEngine::Actions::UserCreate: 401 Unauthorized

Failed to perform additional action KatelloForemanEngine::Actions::OrgCreate: 401 Unauthorized

4. Attempt to go to 'Provisioning', redirects to signo login; therefore, SSO not functioning.

Expected results:

No Errors observed

Additional info:

Comment 2 Dominic Cleal 2013-06-20 22:00:49 UTC

foreman-config hasn't initialised some settings correctly, namely all of the booleans:

irb(main):001:0> Setting.find_by_name('oauth_active').value
  Setting Load (1.0ms)  SELECT "settings".* FROM "settings" WHERE "settings"."name" = 'oauth_active' ORDER BY name LIMIT 1
=> false
irb(main):002:0> Setting.find_by_name('signo_sso').value
  Setting Load (1.6ms)  SELECT "settings".* FROM "settings" WHERE "settings"."name" = 'signo_sso' ORDER BY name LIMIT 1
=> false

But string values are correctly set up:

irb(main):003:0> Setting.find_by_name('signo_url').value
  Setting Load (0.8ms)  SELECT "settings".* FROM "settings" WHERE "settings"."name" = 'signo_url' ORDER BY name LIMIT 1
=> "https://dhcp129-198.rdu.redhat.com/signo"

Running `foreman-config -k oauth_active -v true` doesn't update the value.

This is due to the fix for upstream #2343 (https://github.com/theforeman/foreman/pull/637), which changed the interface to the setting model when passing in strings.  The settings controller was updated, but not foreman-config.

Comment 3 Dominic Cleal 2013-06-20 22:11:53 UTC

PR open: https://github.com/theforeman/foreman/pull/735

Workaround:
1. cd ~foreman && curl https://github.com/theforeman/foreman/pull/735.patch | patch -p1
2. re-run katello-configure

To verify, when visiting https://fqdn/foreman/, you should get redirected to Signo and be able to log in, whereas before it would display Foreman's own login page.

Comment 4 Brad Buckingham 2013-06-21 12:59:42 UTC

Mass move to ON_QA

Comment 5 Og Maciel 2013-06-22 02:33:30 UTC

Verified:
* apr-util-ldap-1.3.9-3.el6_0.1.x86_64
* candlepin-0.8.9-1.el6_4.noarch
* candlepin-scl-1-5.el6_4.noarch
* candlepin-scl-quartz-2.1.5-5.el6_4.noarch
* candlepin-scl-rhino-1.7R3-1.el6_4.noarch
* candlepin-scl-runtime-1-5.el6_4.noarch
* candlepin-selinux-0.8.9-1.el6_4.noarch
* candlepin-tomcat6-0.8.9-1.el6_4.noarch
* elasticsearch-0.19.9-8.el6sat.noarch
* foreman-1.1.10014-1.noarch
* foreman-compute-1.1.10014-1.noarch
* foreman-installer-puppet-concat-0-2.d776701.git.0.21ef926.el6sat.noarch
* foreman-installer-puppet-dhcp-0-5.3a4a13c.el6sat.noarch
* foreman-installer-puppet-dns-0-7.fcae203.el6sat.noarch
* foreman-installer-puppet-foreman-0-6.568c5c4.el6sat.noarch
* foreman-installer-puppet-foreman_proxy-0-8.bd1e35d.el6sat.noarch
* foreman-installer-puppet-puppet-0-3.ab46748.el6sat.noarch
* foreman-installer-puppet-tftp-0-5.ea6c5e5.el6sat.noarch
* foreman-installer-puppet-xinetd-0-50a267b8.git.0.44aca6a.el6sat.noarch
* foreman-libvirt-1.1.10014-1.noarch
* foreman-postgresql-1.1.10014-1.noarch
* foreman-proxy-1.1.10003-1.el6sat.noarch
* foreman-proxy-installer-1.0.1-10.f5ae2cd.el6sat.noarch
* katello-1.4.2-17.el6sat.noarch
* katello-all-1.4.2-17.el6sat.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.4.2-2.el6sat.noarch
* katello-cli-1.4.2-8.el6sat.noarch
* katello-cli-common-1.4.2-8.el6sat.noarch
* katello-common-1.4.2-17.el6sat.noarch
* katello-configure-1.4.3-16.el6sat.noarch
* katello-configure-foreman-1.4.3-16.el6sat.noarch
* katello-foreman-all-1.4.2-17.el6sat.noarch
* katello-glue-candlepin-1.4.2-17.el6sat.noarch
* katello-glue-elasticsearch-1.4.2-17.el6sat.noarch
* katello-glue-pulp-1.4.2-17.el6sat.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-1.4.3-3.el6sat.noarch
* openldap-2.4.23-31.el6.x86_64
* pulp-rpm-plugins-2.1.2-1.el6sat.noarch
* pulp-selinux-2.1.2-1.el6sat.noarch
* pulp-server-2.1.2-1.el6sat.noarch
* python-ldap-2.3.10-1.el6.x86_64
* ruby193-rubygem-ldap_fluff-0.2.2-1.el6sat.noarch
* ruby193-rubygem-net-ldap-0.3.1-2.el6sat.noarch
* ruby193-rubygem-runcible-0.4.10-1.el6sat.noarch
* signo-0.0.19-1.el6sat.noarch
* signo-katello-0.0.19-1.el6sat.noarch

Comment 6 Mike McCune 2013-07-18 21:23:37 UTC

mass move to CLOSED:CURRENTRELEASE since MDP1 has been released.

Note You need to log in before you can comment on or make changes to this bug.