Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 976578

Summary: 401 Unauthorized from foreman during katello-configure
Product: Red Hat Satellite Reporter: Brad Buckingham <bbuckingham>
Component: ProvisioningAssignee: Dominic Cleal <dcleal>
Status: CLOSED CURRENTRELEASE QA Contact: Og Maciel <omaciel>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.0.1CC: dcleal, omaciel, skottler
Target Milestone: Unspecified   
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
URL: http://projects.theforeman.org/issues/2686
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-07-18 21:23:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Brad Buckingham 2013-06-20 21:35:46 UTC 
Description of problem:

Unable to successfully install/configure Satellite 6 from brewroot.

Version-Release number of selected component (if applicable):

# rpm -qa|grep foreman
foreman-installer-puppet-foreman-0-6.568c5c4.el6sat.noarch
foreman-installer-puppet-puppet-0-3.ab46748.el6sat.noarch
foreman-installer-puppet-xinetd-0-50a267b8.git.0.44aca6a.el6sat.noarch
foreman-installer-puppet-foreman_proxy-0-8.bd1e35d.el6sat.noarch
foreman-postgresql-1.1.10013-1.noarch
foreman-proxy-installer-1.0.1-10.f5ae2cd.el6sat.noarch
foreman-installer-puppet-dhcp-0-5.3a4a13c.el6sat.noarch
foreman-installer-puppet-tftp-0-5.ea6c5e5.el6sat.noarch
foreman-installer-puppet-concat-0-2.d776701.git.0.21ef926.el6sat.noarch
katello-configure-foreman-1.4.3-16.el6sat.noarch
foreman-1.1.10013-1.noarch
ruby193-rubygem-katello-foreman-engine-0.0.3-6.el6sat.noarch
foreman-proxy-1.1.10003-1.el6sat.noarch
ruby193-rubygem-foreman-katello-engine-0.0.8-6.el6sat.noarch
katello-foreman-all-1.4.2-17.el6sat.noarch
ruby193-rubygem-foreman_api-0.1.3-3.el6_4.noarch
foreman-installer-puppet-dns-0-7.fcae203.el6sat.noarch

# rpm -qa|grep katello
katello-common-1.4.2-17.el6sat.noarch
katello-selinux-1.4.3-3.el6sat.noarch
katello-cli-1.4.2-8.el6sat.noarch
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-1.4.2-17.el6sat.noarch
katello-certs-tools-1.4.2-2.el6sat.noarch
katello-all-1.4.2-17.el6sat.noarch
ruby193-rubygem-katello_api-0.0.3-2.el6_4.noarch
katello-cli-common-1.4.2-8.el6sat.noarch
katello-glue-elasticsearch-1.4.2-17.el6sat.noarch
katello-configure-1.4.3-16.el6sat.noarch
katello-configure-foreman-1.4.3-16.el6sat.noarch
katello-qpid-broker-key-pair-1.0-1.noarch
ruby193-rubygem-katello-foreman-engine-0.0.3-6.el6sat.noarch
ruby193-rubygem-foreman-katello-engine-0.0.8-6.el6sat.noarch
signo-katello-0.0.19-1.el6sat.noarch
katello-foreman-all-1.4.2-17.el6sat.noarch
katello-glue-candlepin-1.4.2-17.el6sat.noarch
katello-glue-pulp-1.4.2-17.el6sat.noarch
katello-qpid-client-key-pair-1.0-1.noarch


How reproducible:
always

Steps to Reproduce:
1. set up sat6.repo to point to brewroot
2. yum install katello-foreman-all
3. katello-configure user-pass=admin

Actual results:

1. katello-configure succeeds.

2. Observe a several 401 Unauthorized errors in the foreman production.log.  For example:

Started GET "/foreman/api" for 127.0.0.1 at 2013-06-20 17:19:42 -0400
Processing by Api::V1::HomeController#index as JSON
  Rendered api/v1/errors/unauthorized.json.rabl (126.7ms)
Filter chain halted as :authorize rendered or redirected
Completed 401 Unauthorized in 329ms (Views: 289.7ms | ActiveRecord: 0.0ms)


Started GET "/foreman/api" for 127.0.0.1 at 2013-06-20 17:19:43 -0400
Processing by Api::V1::HomeController#index as JSON
  Rendered api/v1/errors/unauthorized.json.rabl (1.0ms)
Filter chain halted as :authorize rendered or redirected
Completed 401 Unauthorized in 3ms (Views: 2.4ms | ActiveRecord: 0.0ms)
Connecting to database specified by database.yml
Connecting to database specified by database.yml
Fog is not installed - unable to manage compute resources
Fog is not installed - unable to manage compute resources

...
...

3. Log in to the katello UI and observed a couple of error notices:

Failed to perform additional action KatelloForemanEngine::Actions::UserCreate: 401 Unauthorized

Failed to perform additional action KatelloForemanEngine::Actions::OrgCreate: 401 Unauthorized

4. Attempt to go to 'Provisioning', redirects to signo login; therefore, SSO not functioning.

Expected results:

No Errors observed

Additional info:
Comment 2 Dominic Cleal 2013-06-20 22:00:49 UTC 
foreman-config hasn't initialised some settings correctly, namely all of the booleans:

irb(main):001:0> Setting.find_by_name('oauth_active').value
  Setting Load (1.0ms)  SELECT "settings".* FROM "settings" WHERE "settings"."name" = 'oauth_active' ORDER BY name LIMIT 1
=> false
irb(main):002:0> Setting.find_by_name('signo_sso').value
  Setting Load (1.6ms)  SELECT "settings".* FROM "settings" WHERE "settings"."name" = 'signo_sso' ORDER BY name LIMIT 1
=> false

But string values are correctly set up:

irb(main):003:0> Setting.find_by_name('signo_url').value
  Setting Load (0.8ms)  SELECT "settings".* FROM "settings" WHERE "settings"."name" = 'signo_url' ORDER BY name LIMIT 1
=> "https://dhcp129-198.rdu.redhat.com/signo"

Running `foreman-config -k oauth_active -v true` doesn't update the value.

This is due to the fix for upstream #2343 (https://github.com/theforeman/foreman/pull/637), which changed the interface to the setting model when passing in strings.  The settings controller was updated, but not foreman-config.
Comment 3 Dominic Cleal 2013-06-20 22:11:53 UTC 
PR open: https://github.com/theforeman/foreman/pull/735

Workaround:
1. cd ~foreman && curl https://github.com/theforeman/foreman/pull/735.patch | patch -p1
2. re-run katello-configure

To verify, when visiting https://fqdn/foreman/, you should get redirected to Signo and be able to log in, whereas before it would display Foreman's own login page.
Comment 4 Brad Buckingham 2013-06-21 12:59:42 UTC 
Mass move to ON_QA
Comment 5 Og Maciel 2013-06-22 02:33:30 UTC 
Verified:
* apr-util-ldap-1.3.9-3.el6_0.1.x86_64
* candlepin-0.8.9-1.el6_4.noarch
* candlepin-scl-1-5.el6_4.noarch
* candlepin-scl-quartz-2.1.5-5.el6_4.noarch
* candlepin-scl-rhino-1.7R3-1.el6_4.noarch
* candlepin-scl-runtime-1-5.el6_4.noarch
* candlepin-selinux-0.8.9-1.el6_4.noarch
* candlepin-tomcat6-0.8.9-1.el6_4.noarch
* elasticsearch-0.19.9-8.el6sat.noarch
* foreman-1.1.10014-1.noarch
* foreman-compute-1.1.10014-1.noarch
* foreman-installer-puppet-concat-0-2.d776701.git.0.21ef926.el6sat.noarch
* foreman-installer-puppet-dhcp-0-5.3a4a13c.el6sat.noarch
* foreman-installer-puppet-dns-0-7.fcae203.el6sat.noarch
* foreman-installer-puppet-foreman-0-6.568c5c4.el6sat.noarch
* foreman-installer-puppet-foreman_proxy-0-8.bd1e35d.el6sat.noarch
* foreman-installer-puppet-puppet-0-3.ab46748.el6sat.noarch
* foreman-installer-puppet-tftp-0-5.ea6c5e5.el6sat.noarch
* foreman-installer-puppet-xinetd-0-50a267b8.git.0.44aca6a.el6sat.noarch
* foreman-libvirt-1.1.10014-1.noarch
* foreman-postgresql-1.1.10014-1.noarch
* foreman-proxy-1.1.10003-1.el6sat.noarch
* foreman-proxy-installer-1.0.1-10.f5ae2cd.el6sat.noarch
* katello-1.4.2-17.el6sat.noarch
* katello-all-1.4.2-17.el6sat.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.4.2-2.el6sat.noarch
* katello-cli-1.4.2-8.el6sat.noarch
* katello-cli-common-1.4.2-8.el6sat.noarch
* katello-common-1.4.2-17.el6sat.noarch
* katello-configure-1.4.3-16.el6sat.noarch
* katello-configure-foreman-1.4.3-16.el6sat.noarch
* katello-foreman-all-1.4.2-17.el6sat.noarch
* katello-glue-candlepin-1.4.2-17.el6sat.noarch
* katello-glue-elasticsearch-1.4.2-17.el6sat.noarch
* katello-glue-pulp-1.4.2-17.el6sat.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-1.4.3-3.el6sat.noarch
* openldap-2.4.23-31.el6.x86_64
* pulp-rpm-plugins-2.1.2-1.el6sat.noarch
* pulp-selinux-2.1.2-1.el6sat.noarch
* pulp-server-2.1.2-1.el6sat.noarch
* python-ldap-2.3.10-1.el6.x86_64
* ruby193-rubygem-ldap_fluff-0.2.2-1.el6sat.noarch
* ruby193-rubygem-net-ldap-0.3.1-2.el6sat.noarch
* ruby193-rubygem-runcible-0.4.10-1.el6sat.noarch
* signo-0.0.19-1.el6sat.noarch
* signo-katello-0.0.19-1.el6sat.noarch
Comment 6 Mike McCune 2013-07-18 21:23:37 UTC 
mass move to CLOSED:CURRENTRELEASE since MDP1 has been released.