Bug 976578 - 401 Unauthorized from foreman during katello-configure
401 Unauthorized from foreman during katello-configure
Status: CLOSED CURRENTRELEASE
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Provisioning (Show other bugs)
6.0.1
Unspecified Unspecified
unspecified Severity unspecified (vote)
: Unspecified
: --
Assigned To: Dominic Cleal
Og Maciel
http://projects.theforeman.org/issues...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-20 17:35 EDT by Brad Buckingham
Modified: 2016-04-22 11:44 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-07-18 17:23:37 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Foreman Issue Tracker 2686 None None None 2016-04-22 11:44 EDT

  None (edit)
Description Brad Buckingham 2013-06-20 17:35:46 EDT
Description of problem:

Unable to successfully install/configure Satellite 6 from brewroot.

Version-Release number of selected component (if applicable):

# rpm -qa|grep foreman
foreman-installer-puppet-foreman-0-6.568c5c4.el6sat.noarch
foreman-installer-puppet-puppet-0-3.ab46748.el6sat.noarch
foreman-installer-puppet-xinetd-0-50a267b8.git.0.44aca6a.el6sat.noarch
foreman-installer-puppet-foreman_proxy-0-8.bd1e35d.el6sat.noarch
foreman-postgresql-1.1.10013-1.noarch
foreman-proxy-installer-1.0.1-10.f5ae2cd.el6sat.noarch
foreman-installer-puppet-dhcp-0-5.3a4a13c.el6sat.noarch
foreman-installer-puppet-tftp-0-5.ea6c5e5.el6sat.noarch
foreman-installer-puppet-concat-0-2.d776701.git.0.21ef926.el6sat.noarch
katello-configure-foreman-1.4.3-16.el6sat.noarch
foreman-1.1.10013-1.noarch
ruby193-rubygem-katello-foreman-engine-0.0.3-6.el6sat.noarch
foreman-proxy-1.1.10003-1.el6sat.noarch
ruby193-rubygem-foreman-katello-engine-0.0.8-6.el6sat.noarch
katello-foreman-all-1.4.2-17.el6sat.noarch
ruby193-rubygem-foreman_api-0.1.3-3.el6_4.noarch
foreman-installer-puppet-dns-0-7.fcae203.el6sat.noarch

# rpm -qa|grep katello
katello-common-1.4.2-17.el6sat.noarch
katello-selinux-1.4.3-3.el6sat.noarch
katello-cli-1.4.2-8.el6sat.noarch
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-1.4.2-17.el6sat.noarch
katello-certs-tools-1.4.2-2.el6sat.noarch
katello-all-1.4.2-17.el6sat.noarch
ruby193-rubygem-katello_api-0.0.3-2.el6_4.noarch
katello-cli-common-1.4.2-8.el6sat.noarch
katello-glue-elasticsearch-1.4.2-17.el6sat.noarch
katello-configure-1.4.3-16.el6sat.noarch
katello-configure-foreman-1.4.3-16.el6sat.noarch
katello-qpid-broker-key-pair-1.0-1.noarch
ruby193-rubygem-katello-foreman-engine-0.0.3-6.el6sat.noarch
ruby193-rubygem-foreman-katello-engine-0.0.8-6.el6sat.noarch
signo-katello-0.0.19-1.el6sat.noarch
katello-foreman-all-1.4.2-17.el6sat.noarch
katello-glue-candlepin-1.4.2-17.el6sat.noarch
katello-glue-pulp-1.4.2-17.el6sat.noarch
katello-qpid-client-key-pair-1.0-1.noarch


How reproducible:
always

Steps to Reproduce:
1. set up sat6.repo to point to brewroot
2. yum install katello-foreman-all
3. katello-configure user-pass=admin

Actual results:

1. katello-configure succeeds.

2. Observe a several 401 Unauthorized errors in the foreman production.log.  For example:

Started GET "/foreman/api" for 127.0.0.1 at 2013-06-20 17:19:42 -0400
Processing by Api::V1::HomeController#index as JSON
  Rendered api/v1/errors/unauthorized.json.rabl (126.7ms)
Filter chain halted as :authorize rendered or redirected
Completed 401 Unauthorized in 329ms (Views: 289.7ms | ActiveRecord: 0.0ms)


Started GET "/foreman/api" for 127.0.0.1 at 2013-06-20 17:19:43 -0400
Processing by Api::V1::HomeController#index as JSON
  Rendered api/v1/errors/unauthorized.json.rabl (1.0ms)
Filter chain halted as :authorize rendered or redirected
Completed 401 Unauthorized in 3ms (Views: 2.4ms | ActiveRecord: 0.0ms)
Connecting to database specified by database.yml
Connecting to database specified by database.yml
Fog is not installed - unable to manage compute resources
Fog is not installed - unable to manage compute resources

...
...

3. Log in to the katello UI and observed a couple of error notices:

Failed to perform additional action KatelloForemanEngine::Actions::UserCreate: 401 Unauthorized

Failed to perform additional action KatelloForemanEngine::Actions::OrgCreate: 401 Unauthorized

4. Attempt to go to 'Provisioning', redirects to signo login; therefore, SSO not functioning.

Expected results:

No Errors observed

Additional info:
Comment 2 Dominic Cleal 2013-06-20 18:00:49 EDT
foreman-config hasn't initialised some settings correctly, namely all of the booleans:

irb(main):001:0> Setting.find_by_name('oauth_active').value
  Setting Load (1.0ms)  SELECT "settings".* FROM "settings" WHERE "settings"."name" = 'oauth_active' ORDER BY name LIMIT 1
=> false
irb(main):002:0> Setting.find_by_name('signo_sso').value
  Setting Load (1.6ms)  SELECT "settings".* FROM "settings" WHERE "settings"."name" = 'signo_sso' ORDER BY name LIMIT 1
=> false

But string values are correctly set up:

irb(main):003:0> Setting.find_by_name('signo_url').value
  Setting Load (0.8ms)  SELECT "settings".* FROM "settings" WHERE "settings"."name" = 'signo_url' ORDER BY name LIMIT 1
=> "https://dhcp129-198.rdu.redhat.com/signo"

Running `foreman-config -k oauth_active -v true` doesn't update the value.

This is due to the fix for upstream #2343 (https://github.com/theforeman/foreman/pull/637), which changed the interface to the setting model when passing in strings.  The settings controller was updated, but not foreman-config.
Comment 3 Dominic Cleal 2013-06-20 18:11:53 EDT
PR open: https://github.com/theforeman/foreman/pull/735

Workaround:
1. cd ~foreman && curl https://github.com/theforeman/foreman/pull/735.patch | patch -p1
2. re-run katello-configure

To verify, when visiting https://fqdn/foreman/, you should get redirected to Signo and be able to log in, whereas before it would display Foreman's own login page.
Comment 4 Brad Buckingham 2013-06-21 08:59:42 EDT
Mass move to ON_QA
Comment 5 Og Maciel 2013-06-21 22:33:30 EDT
Verified:
* apr-util-ldap-1.3.9-3.el6_0.1.x86_64
* candlepin-0.8.9-1.el6_4.noarch
* candlepin-scl-1-5.el6_4.noarch
* candlepin-scl-quartz-2.1.5-5.el6_4.noarch
* candlepin-scl-rhino-1.7R3-1.el6_4.noarch
* candlepin-scl-runtime-1-5.el6_4.noarch
* candlepin-selinux-0.8.9-1.el6_4.noarch
* candlepin-tomcat6-0.8.9-1.el6_4.noarch
* elasticsearch-0.19.9-8.el6sat.noarch
* foreman-1.1.10014-1.noarch
* foreman-compute-1.1.10014-1.noarch
* foreman-installer-puppet-concat-0-2.d776701.git.0.21ef926.el6sat.noarch
* foreman-installer-puppet-dhcp-0-5.3a4a13c.el6sat.noarch
* foreman-installer-puppet-dns-0-7.fcae203.el6sat.noarch
* foreman-installer-puppet-foreman-0-6.568c5c4.el6sat.noarch
* foreman-installer-puppet-foreman_proxy-0-8.bd1e35d.el6sat.noarch
* foreman-installer-puppet-puppet-0-3.ab46748.el6sat.noarch
* foreman-installer-puppet-tftp-0-5.ea6c5e5.el6sat.noarch
* foreman-installer-puppet-xinetd-0-50a267b8.git.0.44aca6a.el6sat.noarch
* foreman-libvirt-1.1.10014-1.noarch
* foreman-postgresql-1.1.10014-1.noarch
* foreman-proxy-1.1.10003-1.el6sat.noarch
* foreman-proxy-installer-1.0.1-10.f5ae2cd.el6sat.noarch
* katello-1.4.2-17.el6sat.noarch
* katello-all-1.4.2-17.el6sat.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.4.2-2.el6sat.noarch
* katello-cli-1.4.2-8.el6sat.noarch
* katello-cli-common-1.4.2-8.el6sat.noarch
* katello-common-1.4.2-17.el6sat.noarch
* katello-configure-1.4.3-16.el6sat.noarch
* katello-configure-foreman-1.4.3-16.el6sat.noarch
* katello-foreman-all-1.4.2-17.el6sat.noarch
* katello-glue-candlepin-1.4.2-17.el6sat.noarch
* katello-glue-elasticsearch-1.4.2-17.el6sat.noarch
* katello-glue-pulp-1.4.2-17.el6sat.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-1.4.3-3.el6sat.noarch
* openldap-2.4.23-31.el6.x86_64
* pulp-rpm-plugins-2.1.2-1.el6sat.noarch
* pulp-selinux-2.1.2-1.el6sat.noarch
* pulp-server-2.1.2-1.el6sat.noarch
* python-ldap-2.3.10-1.el6.x86_64
* ruby193-rubygem-ldap_fluff-0.2.2-1.el6sat.noarch
* ruby193-rubygem-net-ldap-0.3.1-2.el6sat.noarch
* ruby193-rubygem-runcible-0.4.10-1.el6sat.noarch
* signo-0.0.19-1.el6sat.noarch
* signo-katello-0.0.19-1.el6sat.noarch
Comment 6 Mike McCune 2013-07-18 17:23:37 EDT
mass move to CLOSED:CURRENTRELEASE since MDP1 has been released.

Note You need to log in before you can comment on or make changes to this bug.