[Pulp-list] verify_ssl
Brian Bouterse
bbouters at redhat.com
Thu Aug 28 09:40:38 UTC 2014
I'm not sure exactly what the root cause of this SSL issue is, but I believe it's an SSL issue. Here are a few things to get more information with.
1) One thing that is interesting is your SSL configuration in httpd. I typically use either SSLCACertificatePath or SSLCACertificateFile, but not both. Perhaps it's using the wrong certificate overall?
2) Try hitting the webserver with a normal web interface and see if SSL works for you
3) Check your certificates and see if they have their CN that matches your SSL's hostname directive
4) Look into the httpd logs also
Just a few things that come to mind. Also, later in the morning you can find more pulp developers during east coast business hours in #pulp on freenode. Maybe I'll see you there.
Best,
Brian
----- Original Message -----
> From: "Koen Vanoppen" <vanoppen.koen at gmail.com>
> To: pulp-list at redhat.com
> Sent: Thursday, August 28, 2014 5:30:27 AM
> Subject: Re: [Pulp-list] verify_ssl
>
> the error in the admin.log file concerning above error:
> 2014-08-28 11:21:17,519 - ERROR - Exception occurred:
> href: /pulp/api/v2/actions/login/
> method: POST
> status: 500
> error: Unhandled Exception
> traceback: [u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/middleware/exception.py",
> line 44, in __call__\n return self.app(environ, start_response)\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/middleware/postponed.py",
> line 42, in __call__\n return self.app(environ, start_response)\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 279, in wsgi\n
> result = self.handle_with_processors()\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 29, in _handle_with_processors\n return process(self.processors)\n', u'
> File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 26, in process\n return p(lambda: process(processors))\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 566, in
> processor\n return handler()\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 26, in <lambda>\n return p(lambda: process(processors))\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 26, in process\n return p(lambda: process(processors))\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 581, in
> processor\n result = handler()\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 26, in <lambda>\n return p(lambda: process(processors))\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 28, in process\n return self.handle()\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 230, in handle\n
> return self._delegate(fn, self.fvars, args)\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 422, in
> _delegate\n return f()\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 430, in
> <lambda>\n f = lambda: self._delegate_sub_application(pat, what)\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 455, in
> _delegate_sub_application\n return app.handle_with_processors()\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 29, in _handle_with_processors\n return process(self.processors)\n', u'
> File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 26, in process\n return p(lambda: process(processors))\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 566, in
> processor\n return handler()\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 26, in <lambda>\n return p(lambda: process(processors))\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 26, in process\n return p(lambda: process(processors))\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 581, in
> processor\n result = handler()\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 26, in <lambda>\n return p(lambda: process(processors))\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 28, in process\n return self.handle()\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 230, in handle\n
> return self._delegate(fn, self.fvars, args)\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 420, in
> _delegate\n return handle_class(cls)\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 396, in
> handle_class\n return tocall(*args)\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/decorators.py",
> line 227, in _auth_decorator\n value = method(self, *args, **kwargs)\n', u'
> File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/root_actions.py",
> line 42, in POST\n key, certificate =
> factory.cert_generation_manager().make_admin_user_cert(user)\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/managers/auth/cert/cert_generator.py",
> line 43, in make_admin_user_cert\n return
> self.make_cert(self.encode_admin_user(user), expiration)\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/managers/auth/cert/cert_generator.py",
> line 97, in make_cert\n raise Exception("error signing cert request: %s" %
> output)\n']
> data: {}
>
> # ************************************
> # Vhost template in module puppetlabs-apache
> # Managed by Puppet
> # ************************************
>
> <VirtualHost *:443>
> ServerName pulppuppet01sand.brusselsairport.***
>
> ## Vhost docroot
> DocumentRoot "/var/www/html"
>
>
>
> ## Directories, there should at least be a declaration for /var/www/html
>
>
> <Directory "/var/www/html">
> Options Indexes FollowSymLinks MultiViews
> AllowOverride None
> Order allow,deny
> Allow from all
> </Directory>
>
> ## Load additional static includes
>
>
> ## Logging
> ErrorLog "/var/log/httpd/pulp_error_ssl.log"
> ServerSignature Off
> CustomLog "/var/log/httpd/pulp_access_ssl.log" combined
>
>
>
>
> ## SSL directives
> SSLEngine on
> SSLCertificateFile "/etc/pki/tls/pulpserver.crt"
> SSLCertificateKeyFile "/etc/pki/tls/pulpserver.key"
> SSLCACertificatePath "/etc/pki/tls/certs"
> SSLCACertificateFile "/etc/pki/pulp/ca.crt"
> SSLVerifyClient optional
> SSLVerifyDepth 3
> SSLOptions +StdEnvVars
> </VirtualHost>
>
>
>
>
> 2014-08-28 7:14 GMT+02:00 Koen Vanoppen < vanoppen.koen at gmail.com > :
>
>
>
> And after I changed my http conf to ssl:
> [root at pulppuppet01sand .pulp]# pulp-admin login -u admin
> Enter password:
> An internal error occurred on the Pulp server:
>
> RequestException: POST request
> on /pulp/api/v2/actions/login/ failed with 500 - Unhandled Exception
>
>
>
>
> 2014-08-28 7:00 GMT+02:00 Koen Vanoppen < vanoppen.koen at gmail.com > :
>
>
>
>
> Here are my config files for the admin and the server.conf. The repo is for
> internal use only so the SSL_verification can be False. Thanx in advance!
>
>
> 2014-08-28 6:41 GMT+02:00 Koen Vanoppen < vanoppen.koen at gmail.com > :
>
>
>
>
> This is from the admin.log:
> 2014-08-28 06:39:50,754 - ERROR - Client-side exception occurred
>
> Traceback (most recent call last):
> File "/usr/lib/python2.6/site-packages/pulp/client/extensions/core.py", line
> 478, in run
> exit_code = Cli.run(self, args)
> File "/usr/lib/python2.6/site-packages/okaara/cli.py", line 974, in run
> exit_code = command_or_section.execute(self.prompt, remaining_args)
> File "/usr/lib/python2.6/site-packages/pulp/client/extensions/extensions.py",
> line 224, in execute
> return self.method(*arg_list, **clean_kwargs)
> File "/usr/lib/python2.6/site-packages/pulp/client/admin/admin_auth.py", line
> 58, in login
> result = self.context.server.actions.login(username, password).response_body
> File "/usr/lib/python2.6/site-packages/pulp/bindings/actions.py", line 32, in
> login
> return self.server.POST(path)
> File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line 99, in
> POST
> return self._request('POST', path, body=body,
> ensure_encoding=ensure_encoding)
> File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line 143, in
> _request
> response_code, response_body = self.server_wrapper.request(method, url, body)
> File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line 316, in
> request
> connection.request(method, url, body=body, headers=headers)
> File "/usr/lib64/python2.6/httplib.py", line 914, in request
> self._send_request(method, url, body, headers)
> File "/usr/lib64/python2.6/httplib.py", line 951, in _send_request
> self.endheaders()
> File "/usr/lib64/python2.6/httplib.py", line 908, in endheaders
> self._send_output()
> File "/usr/lib64/python2.6/httplib.py", line 780, in _send_output
> self.send(msg)
> File "/usr/lib64/python2.6/httplib.py", line 739, in send
> self.connect()
> File "/usr/lib64/python2.6/site-packages/M2Crypto/httpslib.py", line 50, in
> connect
> self.sock.connect((self.host, self.port))
> File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line
> 181, in connect
> self.socket.connect(addr)
> File "<string>", line 1, in connect
> error: [Errno 111] Connection refused
>
>
>
> 2014-08-28 6:37 GMT+02:00 Koen Vanoppen < vanoppen.koen at gmail.com > :
>
>
>
>
> THANX!!! that was the trick indeed. Sorry...
> Now I only have this:
> The connection was refused when attempting to contact the server
> [pulppuppet01sand.brusselsairport.***]. Check the client configuration to
> ensure the server hostname is correct.
>
> pulp-admin and server are running on the same host, with self generated cert
> and key.
>
> Kind regards,
>
> Koen
>
>
>
>
> 2014-08-27 16:07 GMT+02:00 Sean Waite < swaite at tracelink.com > :
>
>
>
>
> Hi Koen,
>
> If you read the release notes (
> http://pulp-user-guide.readthedocs.org/en/latest/release-notes/2.4.x.html ),
> you'll see that with the self-signed certs, you'll need to set verify_ssl to
> False in the admin.conf and others.
>
> I hit this same issue.
>
>
> On Wed, Aug 27, 2014 at 9:38 AM, Koen Vanoppen < vanoppen.koen at gmail.com >
> wrote:
>
>
>
> Dear All,
>
> I have installed pulp v 2.4 and now I'm getting following error when I try to
> login with "pulp-admin login -u admin"
>
> Traceback (most recent call last):
> File "/usr/bin/pulp-admin", line 9, in <module>
> load_entry_point('pulp-client-admin==2.4.0', 'console_scripts',
> 'pulp-admin')()
> File "/usr/lib/python2.6/site-packages/pulp/client/admin/__init__.py", line
> 35, in main
> config_files, exception_handler_class=AdminExceptionHandler
> File "/usr/lib/python2.6/site-packages/pulp/client/launcher.py", line 85, in
> main
> server = _create_bindings(config, logger, username, password)
> File "/usr/lib/python2.6/site-packages/pulp/client/launcher.py", line 192, in
> _create_bindings
> validate_ssl_ca = config['server']['verify_ssl'].lower() != 'false'
> KeyError: 'verify_ssl'
>
> Any Ideas?
>
> Kind regards,
>
> Koen
>
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
>
>
>
> --
> Sean Waite swaite at tracelink.com
> Cloud Operations Engineer GPG 17F91B3A
> TraceLink, Inc.
>
> Be Excellent to Each Other
>
>
>
>
>
>
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
More information about the Pulp-list
mailing list