[Katello] Katello 2.2/Foreman 1.8 upgrade breaks LDAP auth badly

John_Beranek · June 10, 2015, 3:13pm

Hi all,

Was running Katello 2.1/Foreman 1.7, using LDAP auth to the company's
Active Directory and all was good.

Have just attempted an upgrade to Katello 2.2 twice, and each time it
breaks LDAP auth, in such a way that as soon as a user tries to
authenticate, the Foreman RackApp continuously connects to the LDAP server,
100s of time a minute. I can verify this with strace on the Passenger
process.

Installer output:

katello-installer --upgrade

Upgrading…
Upgrade Step: stop_services…
Upgrade Step: start_mongo…
Upgrade Step: migrate_pulp…
Upgrade Step: migrate_candlepin…
Upgrade Step: migrate_foreman…
Upgrade Step: migrate_gutterball…
Upgrade Step: Running installer…
Your puppet version does not support progress bar
Preparing installation Done
Something went wrong! Check the log for ERROR-level output
The full log is at /var/log/katello-installer/katello-installer.log
Upgrade Step: Restarting services…
Upgrade Step: db:seed…
Upgrade Step: Running errata import task (this may take a while)…
Upgrade Step: Update gpg key urls to support capsule isolation (this may
take a while)…
Upgrade Step: Update repositories to specify metadata_expire (this may take
a while)…
/usr/lib/ruby/gems/1.8/gems/kafo-0.6.5/lib/kafo/logger.rb:104:in error': wrong number of arguments (11 for 1) (ArgumentError) from /usr/lib/ruby/gems/1.8/gems/kafo-0.6.5/lib/kafo/logger.rb:104:insend'
from
/usr/lib/ruby/gems/1.8/gems/kafo-0.6.5/lib/kafo/logger.rb:104:in
dump_buffer' from /usr/lib/ruby/gems/1.8/gems/kafo-0.6.5/lib/kafo/logger.rb:104:ineach'
from
/usr/lib/ruby/gems/1.8/gems/kafo-0.6.5/lib/kafo/logger.rb:104:in
dump_buffer' from /usr/lib/ruby/gems/1.8/gems/kafo-0.6.5/lib/kafo/logger.rb:103:ineach'
from
/usr/lib/ruby/gems/1.8/gems/kafo-0.6.5/lib/kafo/logger.rb:103:in
dump_buffer' from /usr/lib/ruby/gems/1.8/gems/kafo-0.6.5/lib/kafo/logger.rb:94:indump_errors'
from
/usr/lib/ruby/gems/1.8/gems/kafo-0.6.5/lib/kafo/logger.rb:99:in
dump_errors' from /usr/lib/ruby/gems/1.8/gems/kafo-0.6.5/lib/kafo/exit_handler.rb:26:inexit'
from
/usr/lib/ruby/gems/1.8/gems/kafo-0.6.5/lib/kafo/kafo_configure.rb:122:in
exit' from /usr/lib/ruby/gems/1.8/gems/kafo-0.6.5/lib/kafo/kafo_configure.rb:338:inrun_installation'
from
/usr/lib/ruby/gems/1.8/gems/kafo-0.6.5/lib/kafo/kafo_configure.rb:109:in
execute' from /usr/lib/ruby/gems/1.8/gems/clamp-0.6.2/lib/clamp/command.rb:68:inrun'
from
/usr/lib/ruby/gems/1.8/gems/clamp-0.6.2/lib/clamp/command.rb:126:in run' from /usr/lib/ruby/gems/1.8/gems/kafo-0.6.5/lib/kafo/kafo_configure.rb:116:inrun'
from /usr/sbin/katello-installer:46

[End of installer log, with hostname obscured]
[DEBUG 2015-06-10 16:10:40 main] Exit with status code: 6 (signal was 6)
[ERROR 2015-06-10 16:10:40 main] Repeating errors encountered during run:
[ERROR 2015-06-10 16:10:40 main] <NilClass> nil
[ERROR 2015-06-10 16:10:40 main] Your puppet version does not support
progress bar
[ERROR 2015-06-10 16:10:40 main]
/Stage[main]/Gutterball::Database/Postgresql::Server::Db[gutterball]/Postgresql::Server::Database[gutterball]/Exec[/usr/bin/createdb
–port='5432' --owner='postgres' --template=template0 'gutterball']:
Failed to call refresh: /usr/bin/createdb --port='5432' --owner='postgres'
–template=template0 'gutterball' returned 1 instead of one of [0]
[ERROR 2015-06-10 16:10:40 main]
/Stage[main]/Gutterball::Database/Postgresql::Server::Db[gutterball]/Postgresql::Server::Database[gutterball]/Exec[/usr/bin/createdb
–port='5432' --owner='postgres' --template=template0 'gutterball']:
/usr/bin/createdb --port='5432' --owner='postgres' --template=template0
'gutterball' returned 1 instead of one of [0]
[ERROR 2015-06-10 16:10:40 main]
/Stage[main]/Certs::Qpid/Exec[add-broker-cert-to-nss-db]: Failed to call
refresh: certutil -A -d '/etc/pki/katello/nssdb' -n 'broker' -t ',' -a -i
'/etc/pki/katello/certs/katello.example.com-qpid-broker.crt' returned 255
instead of one of [0]
[ERROR 2015-06-10 16:10:40 main]
/Stage[main]/Certs::Qpid/Exec[add-broker-cert-to-nss-db]: certutil -A -d
'/etc/pki/katello/nssdb' -n 'broker' -t ',' -a -i
'/etc/pki/katello/certs/katello.example.com-qpid-broker.crt' returned 255
instead of one of [0]
[ERROR 2015-06-10 16:10:40 main]
/Stage[main]/Certs::Candlepin/Exec[candlepin-add-client-cert-to-nss-db]:
Failed to call refresh: certutil -A -d '/etc/pki/katello/nssdb' -n
'amqp-client' -t ',' -a -i '/etc/pki/katello/certs/java-client.crt'
returned 255 instead of one of [0]
[ERROR 2015-06-10 16:10:40 main]
/Stage[main]/Certs::Candlepin/Exec[candlepin-add-client-cert-to-nss-db]:
certutil -A -d '/etc/pki/katello/nssdb' -n 'amqp-client' -t ',' -a -i
'/etc/pki/katello/certs/java-client.crt' returned 255 instead of one of [0]

I can provide the installer and Foreman logs off-list, but I don't see any
messages about LDAP connections in the logs I've looked in…

If I login with a local user, Foreman/Katello are apparently fully usable.

Any ideas?

Cheers,

John