[Pulp-list] pulp-manage-dbl sasl negotiation failed
Ben Stanley
Ben.Stanley at exemail.com.au
Wed Dec 3 17:55:00 UTC 2014
Thanks for getting back to me.
In the interests of making progress while America was enjoying
thanksgiving, I decided to get a passwordless setup going, which is now
working.
I will have to set up another vm to test password stuff, but I don't know
when I will get to do that.
I found the documentation for how to set up the the qpid password stuff to
be quite confusing. Apparently the qpid configuration file had moved from
/etc/qpidd.conf to /etc/qpid/qpidd.conf, and this is not reflected in the
qpid docs! I was initially quite confused about what file I was supposed to
be editing, and initially I put those changes in /etc/sasl2/qpidd.conf !
Regarding the sasl2 changes, there was a typo:
/etc/sasl2/qpidd.conf
mech_list: DIGEST-MD5
I removed ANONYMOUS, EXTERNAL and PLAIN. The other possibility is GSSAPI,
but that implies Kerberos, which I am not using.
The broker_url also had a typo, and the user and password words are of
course placeholders for other values.
/etc/pulp/server.conf
broker_url: qpid://user:password@localhost/
And the user and password were set up with the command
saslpasswd2 -f /var/lib/qpidd/qpidd.sasldb -u QPID user
They were set up to match.
I will leave this thread be until I get to set up a test vm. Then I will
have to try it again and inspect those logs.
Thanks for the help.
Ben.
On 2 December 2014 1:40:20 AM Brian Bouterse <bbouters at redhat.com> wrote:
> Hi Ben,
>
> Here are some thoughts that may help you identify the problem. Migration
> 0009 tries to connect to the broker, so its likely that Pulp cannot
> successfully connect to Qpid.
>
> - I typically don't set anything in /etc/sasl2/qpidd.conf. Perhaps that
> feature is not working as expected. The Qpid docs may also be helpful in
> getting the configuration of Qpid correct.
>
> - The /etc/qpid/qpidd.conf looks like Qpid should require authentication
> and use the realm QPID, which looks correct. You can use the trace mode of
> Qpid to get more info on the output of the client.
>
> - Your broker url uses a protocol handler 'paid'. I expect it to be
> 'qpid://user:password@localhost/'. If this is actually your broker string
> then I don't expect it would work.
>
> - I assume your SASL user named 'user' has the password set as 'password'
> to match the broker string that you gave Pulp.
>
> - Getting the trace output of Qpid will help identify the root cause I
> believe. Also the Pulp output logs would be good too. You should look in
> those places for errors.
>
> Brian
>
>
> ----- Original Message -----
> > From: "ben stanley" <ben.stanley at exemail.com.au>
> > To: pulp-list at redhat.com
> > Sent: Thursday, November 27, 2014 12:47:59 AM
> > Subject: [Pulp-list] pulp-manage-dbl sasl negotiation failed
> >
> > Hi,
> >
> > I am trying to set up a pulp server, according to the instructions at
> >
> > http://pulp-user-guide.readthedocs.org/en/pulp-2.4/installation.html
> >
> > I am working on RHEL7 Workstation x86_64.
> >
> > I am trying to use authentication for qpid messaging. I made the following
> > changes (after unraveling some curly documentation):
> >
> > /etc/sasl2/qpidd.conf
> > much_list: DIGEST-MD5
> >
> > /etc/qpid/qpidd.conf
> > auth=yes
> > realm=QPID
> >
> > /etc/pulp/server.conf
> > broker_url: paid://user:password@localhost/
> >
> > I also configured the sasl password:
> >
> > saslpasswd2 -f /var/lib/qpidd/qpidd.sasldb -u QPID user
> >
> > I have started the following services, and verified that they are running:
> > mongod qpidd
> >
> > The problem comes about at the step of initializing pulp's database:
> >
> > sudo -u apache pulp-manage-db
> > Loading content types.
> > Content types loaded.
> > Ensuring the admin role and user are in place.
> > Admin role and user are in place.
> > Beginning database migrations.
> > Applying pulp.server.db.migrations.0009_qpid_queues failed.
> >
> > Halting migrations due to a migration failure. See log for details.
> > sasl negotiation failed: no mechanism agreed
> >
> > I need some help to diagnose the problem so that I can complete this step.
> > There is nothing important in the database yet, so it is acceptable to
> > erase it and start again (if I knew how).
> >
> > Thanks,
> > Ben Stanley
> >
> >
> > _______________________________________________
> > Pulp-list mailing list
> > Pulp-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/pulp-list
> >
More information about the Pulp-list
mailing list