[Pulp-list] verify_ssl
Brian Bouterse
bbouters at redhat.com
Thu Aug 28 09:52:59 UTC 2014
>From your httpd output, it would seem that the apache process is having trouble connecting to the message broker (qpid). Are you trying to use apache with Qpid with SSL? Maybe temporarily turn off SSL between apache and Qpid. Here is a qpid SSL guide [0] and a page on the broker settings of pulp [1]. Try to ensure that you can connect to Qpid using the SSL certs you have. You could use a tool like qpid-stat to try to make a connection with the same SSL certs that you are giving to Pulp.
[0]: https://pulp-user-guide.readthedocs.org/en/latest/qpid.html#qpid-ssl-configuration
[1]: https://pulp-user-guide.readthedocs.org/en/latest/broker-settings.html#pulp-broker-settings
Best,
Brian
----- Original Message -----
> From: "Koen Vanoppen" <vanoppen.koen at gmail.com>
> To: pulp-list at redhat.com
> Sent: Thursday, August 28, 2014 5:45:32 AM
> Subject: Re: [Pulp-list] verify_ssl
>
> And maybe also usefull. The apache error log. Then I quit sending mails :-).
> Or I should find the solution of course :-).
>
> Apache/2.2.15 (Unix) DAV/2 mod_ssl/2.2.15 OpenSSL/1.0.0-fips mod_wsgi/3.4
> Python/2.6.6 configured -- resuming normal operations
> [Thu Aug 28 11:43:56 2014] [notice] caught SIGTERM, shutting down
> [Thu Aug 28 11:43:56 2014] [error] Error in atexit._run_exitfuncs:
> [Thu Aug 28 11:43:56 2014] [error] Traceback (most recent call last):
> [Thu Aug 28 11:43:56 2014] [error] File "/usr/lib64/python2.6/atexit.py",
> line 24, in _run_exitfuncs
> [Thu Aug 28 11:43:56 2014] [error] func(*targs, **kargs)
> [Thu Aug 28 11:43:56 2014] [error] File
> "/usr/lib/python2.6/site-packages/gofer/transport/qpid/consumer.py", line
> 97, in close
> [Thu Aug 28 11:43:56 2014] [error] self.__receiver.close()
> [Thu Aug 28 11:43:56 2014] [error] File "<string>", line 6, in close
> [Thu Aug 28 11:43:56 2014] [error] File
> "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 1071,
> in close
> [Thu Aug 28 11:43:56 2014] [error] if not self.session._ewait(lambda:
> self.closed, timeout=timeout):
> [Thu Aug 28 11:43:56 2014] [error] File
> "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 580, in
> _ewait
> [Thu Aug 28 11:43:56 2014] [error] result = self.connection._ewait(lambda:
> self.error or predicate(), timeout)
> [Thu Aug 28 11:43:56 2014] [error] File
> "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 218, in
> _ewait
> [Thu Aug 28 11:43:56 2014] [error] result = self._wait(lambda: self.error or
> predicate(), timeout)
> [Thu Aug 28 11:43:56 2014] [error] File
> "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 197, in
> _wait
> [Thu Aug 28 11:43:56 2014] [error] return self._waiter.wait(predicate,
> timeout=timeout)
> [Thu Aug 28 11:43:56 2014] [error] File
> "/usr/lib/python2.6/site-packages/qpid/concurrency.py", line 57, in wait
> [Thu Aug 28 11:43:56 2014] [error] self.condition.wait(3)
> [Thu Aug 28 11:43:56 2014] [error] File
> "/usr/lib/python2.6/site-packages/qpid/concurrency.py", line 96, in wait
> [Thu Aug 28 11:43:56 2014] [error] sw.wait(timeout)
> [Thu Aug 28 11:43:56 2014] [error] File
> "/usr/lib/python2.6/site-packages/qpid/compat.py", line 53, in wait
> [Thu Aug 28 11:43:56 2014] [error] ready, _, _ = select([self], [], [],
> timeout)
> [Thu Aug 28 11:43:56 2014] [error] error: (4, 'Interrupted system call')
> [Thu Aug 28 11:43:56 2014] [error] mod_wsgi (pid=8334): Exception occurred
> within exit functions.
> [Thu Aug 28 11:43:56 2014] [error] Traceback (most recent call last):
> [Thu Aug 28 11:43:56 2014] [error] File "/usr/lib64/python2.6/atexit.py",
> line 24, in _run_exitfuncs
> [Thu Aug 28 11:43:56 2014] [error] func(*targs, **kargs)
> [Thu Aug 28 11:43:56 2014] [error] File
> "/usr/lib/python2.6/site-packages/gofer/transport/qpid/consumer.py", line
> 97, in close
> [Thu Aug 28 11:43:56 2014] [error] self.__receiver.close()
> [Thu Aug 28 11:43:56 2014] [error] File "<string>", line 6, in close
> [Thu Aug 28 11:43:56 2014] [error] File
> "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 1071,
> in close
> [Thu Aug 28 11:43:56 2014] [error] if not self.session._ewait(lambda:
> self.closed, timeout=timeout):
> [Thu Aug 28 11:43:56 2014] [error] File
> "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 580, in
> _ewait
> [Thu Aug 28 11:43:56 2014] [error] result = self.connection._ewait(lambda:
> self.error or predicate(), timeout)
> [Thu Aug 28 11:43:56 2014] [error] File
> "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 218, in
> _ewait
> [Thu Aug 28 11:43:56 2014] [error] result = self._wait(lambda: self.error or
> predicate(), timeout)
> [Thu Aug 28 11:43:56 2014] [error] File
> "/usr/lib/python2.6/site-packages/qpid/messaging/endpoints.py", line 197, in
> _wait
> [Thu Aug 28 11:43:56 2014] [error] return self._waiter.wait(predicate,
> timeout=timeout)
> [Thu Aug 28 11:43:56 2014] [error] File
> "/usr/lib/python2.6/site-packages/qpid/concurrency.py", line 57, in wait
> [Thu Aug 28 11:43:56 2014] [error] self.condition.wait(3)
> [Thu Aug 28 11:43:56 2014] [error] File
> "/usr/lib/python2.6/site-packages/qpid/concurrency.py", line 96, in wait
> [Thu Aug 28 11:43:56 2014] [error] sw.wait(timeout)
> [Thu Aug 28 11:43:56 2014] [error] File
> "/usr/lib/python2.6/site-packages/qpid/compat.py", line 53, in wait
> [Thu Aug 28 11:43:56 2014] [error] ready, _, _ = select([self], [], [],
> timeout)
> [Thu Aug 28 11:43:56 2014] [error] error: (4, 'Interrupted system call')
> [Thu Aug 28 11:43:56 2014] [error] Exception TypeError: "'NoneType' object is
> not callable" in Exception TypeError: "'NoneType' object is not callable" in
> <bound method Request.__del__ of <M2Crypto.X509.Request instance at
> 0x7f501c04c098>> ignored
> [Thu Aug 28 11:43:56 2014] [error] Exception TypeError: "'NoneType' object is
> not callable" in <bound method PKey.__del__ of <M2Crypto.EVP.PKey instance
> at 0x7f50515c3fc8>> ignored
> [Thu Aug 28 11:43:57 2014] [notice] suEXEC mechanism enabled (wrapper:
> /usr/sbin/suexec)
> [Thu Aug 28 11:43:57 2014] [notice] Digest: generating secret for digest
> authentication ...
> [Thu Aug 28 11:43:57 2014] [notice] Digest: done
> [Thu Aug 28 11:43:57 2014] [notice] Apache/2.2.15 (Unix) DAV/2 mod_ssl/2.2.15
> OpenSSL/1.0.0-fips mod_wsgi/3.4 Python/2.6.6 configured -- resuming normal
> operations
>
>
>
> 2014-08-28 11:30 GMT+02:00 Koen Vanoppen < vanoppen.koen at gmail.com > :
>
>
>
> the error in the admin.log file concerning above error:
> 2014-08-28 11:21:17,519 - ERROR - Exception occurred:
> href: /pulp/api/v2/actions/login/
> method: POST
> status: 500
> error: Unhandled Exception
> traceback: [u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/middleware/exception.py",
> line 44, in __call__\n return self.app(environ, start_response)\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/middleware/postponed.py",
> line 42, in __call__\n return self.app(environ, start_response)\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 279, in wsgi\n
> result = self.handle_with_processors()\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 29, in _handle_with_processors\n return process(self.processors)\n', u'
> File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 26, in process\n return p(lambda: process(processors))\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 566, in
> processor\n return handler()\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 26, in <lambda>\n return p(lambda: process(processors))\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 26, in process\n return p(lambda: process(processors))\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 581, in
> processor\n result = handler()\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 26, in <lambda>\n return p(lambda: process(processors))\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 28, in process\n return self.handle()\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 230, in handle\n
> return self._delegate(fn, self.fvars, args)\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 422, in
> _delegate\n return f()\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 430, in
> <lambda>\n f = lambda: self._delegate_sub_application(pat, what)\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 455, in
> _delegate_sub_application\n return app.handle_with_processors()\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 29, in _handle_with_processors\n return process(self.processors)\n', u'
> File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 26, in process\n return p(lambda: process(processors))\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 566, in
> processor\n return handler()\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 26, in <lambda>\n return p(lambda: process(processors))\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 26, in process\n return p(lambda: process(processors))\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 581, in
> processor\n result = handler()\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 26, in <lambda>\n return p(lambda: process(processors))\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py",
> line 28, in process\n return self.handle()\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 230, in handle\n
> return self._delegate(fn, self.fvars, args)\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 420, in
> _delegate\n return handle_class(cls)\n', u' File
> "/usr/lib/python2.6/site-packages/web/application.py", line 396, in
> handle_class\n return tocall(*args)\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/decorators.py",
> line 227, in _auth_decorator\n value = method(self, *args, **kwargs)\n', u'
> File
> "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/root_actions.py",
> line 42, in POST\n key, certificate =
> factory.cert_generation_manager().make_admin_user_cert(user)\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/managers/auth/cert/cert_generator.py",
> line 43, in make_admin_user_cert\n return
> self.make_cert(self.encode_admin_user(user), expiration)\n', u' File
> "/usr/lib/python2.6/site-packages/pulp/server/managers/auth/cert/cert_generator.py",
> line 97, in make_cert\n raise Exception("error signing cert request: %s" %
> output)\n']
> data: {}
>
> # ************************************
> # Vhost template in module puppetlabs-apache
> # Managed by Puppet
> # ************************************
>
> <VirtualHost *:443>
> ServerName pulppuppet01sand.brusselsairport.***
>
> ## Vhost docroot
> DocumentRoot "/var/www/html"
>
>
>
> ## Directories, there should at least be a declaration for /var/www/html
>
>
> <Directory "/var/www/html">
> Options Indexes FollowSymLinks MultiViews
> AllowOverride None
> Order allow,deny
> Allow from all
> </Directory>
>
> ## Load additional static includes
>
>
> ## Logging
> ErrorLog "/var/log/httpd/pulp_error_ssl.log"
> ServerSignature Off
> CustomLog "/var/log/httpd/pulp_access_ssl.log" combined
>
>
>
>
> ## SSL directives
> SSLEngine on
> SSLCertificateFile "/etc/pki/tls/pulpserver.crt"
> SSLCertificateKeyFile "/etc/pki/tls/pulpserver.key"
> SSLCACertificatePath "/etc/pki/tls/certs"
> SSLCACertificateFile "/etc/pki/pulp/ca.crt"
> SSLVerifyClient optional
> SSLVerifyDepth 3
> SSLOptions +StdEnvVars
> </VirtualHost>
>
>
>
>
> 2014-08-28 7:14 GMT+02:00 Koen Vanoppen < vanoppen.koen at gmail.com > :
>
>
>
>
> And after I changed my http conf to ssl:
> [root at pulppuppet01sand .pulp]# pulp-admin login -u admin
> Enter password:
> An internal error occurred on the Pulp server:
>
> RequestException: POST request
> on /pulp/api/v2/actions/login/ failed with 500 - Unhandled Exception
>
>
>
>
> 2014-08-28 7:00 GMT+02:00 Koen Vanoppen < vanoppen.koen at gmail.com > :
>
>
>
>
> Here are my config files for the admin and the server.conf. The repo is for
> internal use only so the SSL_verification can be False. Thanx in advance!
>
>
> 2014-08-28 6:41 GMT+02:00 Koen Vanoppen < vanoppen.koen at gmail.com > :
>
>
>
>
> This is from the admin.log:
> 2014-08-28 06:39:50,754 - ERROR - Client-side exception occurred
>
> Traceback (most recent call last):
> File "/usr/lib/python2.6/site-packages/pulp/client/extensions/core.py", line
> 478, in run
> exit_code = Cli.run(self, args)
> File "/usr/lib/python2.6/site-packages/okaara/cli.py", line 974, in run
> exit_code = command_or_section.execute(self.prompt, remaining_args)
> File "/usr/lib/python2.6/site-packages/pulp/client/extensions/extensions.py",
> line 224, in execute
> return self.method(*arg_list, **clean_kwargs)
> File "/usr/lib/python2.6/site-packages/pulp/client/admin/admin_auth.py", line
> 58, in login
> result = self.context.server.actions.login(username, password).response_body
> File "/usr/lib/python2.6/site-packages/pulp/bindings/actions.py", line 32, in
> login
> return self.server.POST(path)
> File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line 99, in
> POST
> return self._request('POST', path, body=body,
> ensure_encoding=ensure_encoding)
> File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line 143, in
> _request
> response_code, response_body = self.server_wrapper.request(method, url, body)
> File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line 316, in
> request
> connection.request(method, url, body=body, headers=headers)
> File "/usr/lib64/python2.6/httplib.py", line 914, in request
> self._send_request(method, url, body, headers)
> File "/usr/lib64/python2.6/httplib.py", line 951, in _send_request
> self.endheaders()
> File "/usr/lib64/python2.6/httplib.py", line 908, in endheaders
> self._send_output()
> File "/usr/lib64/python2.6/httplib.py", line 780, in _send_output
> self.send(msg)
> File "/usr/lib64/python2.6/httplib.py", line 739, in send
> self.connect()
> File "/usr/lib64/python2.6/site-packages/M2Crypto/httpslib.py", line 50, in
> connect
> self.sock.connect((self.host, self.port))
> File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line
> 181, in connect
> self.socket.connect(addr)
> File "<string>", line 1, in connect
> error: [Errno 111] Connection refused
>
>
>
> 2014-08-28 6:37 GMT+02:00 Koen Vanoppen < vanoppen.koen at gmail.com > :
>
>
>
>
> THANX!!! that was the trick indeed. Sorry...
> Now I only have this:
> The connection was refused when attempting to contact the server
> [pulppuppet01sand.brusselsairport.***]. Check the client configuration to
> ensure the server hostname is correct.
>
> pulp-admin and server are running on the same host, with self generated cert
> and key.
>
> Kind regards,
>
> Koen
>
>
>
>
> 2014-08-27 16:07 GMT+02:00 Sean Waite < swaite at tracelink.com > :
>
>
>
>
> Hi Koen,
>
> If you read the release notes (
> http://pulp-user-guide.readthedocs.org/en/latest/release-notes/2.4.x.html ),
> you'll see that with the self-signed certs, you'll need to set verify_ssl to
> False in the admin.conf and others.
>
> I hit this same issue.
>
>
> On Wed, Aug 27, 2014 at 9:38 AM, Koen Vanoppen < vanoppen.koen at gmail.com >
> wrote:
>
>
>
> Dear All,
>
> I have installed pulp v 2.4 and now I'm getting following error when I try to
> login with "pulp-admin login -u admin"
>
> Traceback (most recent call last):
> File "/usr/bin/pulp-admin", line 9, in <module>
> load_entry_point('pulp-client-admin==2.4.0', 'console_scripts',
> 'pulp-admin')()
> File "/usr/lib/python2.6/site-packages/pulp/client/admin/__init__.py", line
> 35, in main
> config_files, exception_handler_class=AdminExceptionHandler
> File "/usr/lib/python2.6/site-packages/pulp/client/launcher.py", line 85, in
> main
> server = _create_bindings(config, logger, username, password)
> File "/usr/lib/python2.6/site-packages/pulp/client/launcher.py", line 192, in
> _create_bindings
> validate_ssl_ca = config['server']['verify_ssl'].lower() != 'false'
> KeyError: 'verify_ssl'
>
> Any Ideas?
>
> Kind regards,
>
> Koen
>
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
>
>
>
> --
> Sean Waite swaite at tracelink.com
> Cloud Operations Engineer GPG 17F91B3A
> TraceLink, Inc.
>
> Be Excellent to Each Other
>
>
>
>
>
>
>
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
More information about the Pulp-list
mailing list