[Pulp-list] pulp-manage-dbl sasl negotiation failed

Ben Stanley Ben.Stanley at exemail.com.au
Wed Dec 3 17:55:00 UTC 2014


Thanks for getting back to me.

In the interests of making progress while America was enjoying 
Thanksgiving, I decided to get a passwordless setup going, which is now 
working.

I will have to set up another vm to test password stuff, but I don't know 
when I will get to do that.

I found the documentation for how to set up the qpid password stuff to 
be quite confusing. Apparently the qpid configuration file had moved from 
/etc/qpidd.conf to /etc/qpid/qpidd.conf, and this is not reflected in the 
qpid docs! I was initially quite confused about what file I was supposed to 
be editing, and initially I put those changes in /etc/sasl2/qpidd.conf!

Regarding the sasl2 changes, there was a typo:

/etc/sasl2/qpidd.conf
    mech_list: DIGEST-MD5

I removed ANONYMOUS, EXTERNAL and PLAIN. The other possibility is GSSAPI, 
but that implies Kerberos, which I am not using.

The broker_url also had a typo, and the user and password words are of 
course placeholders for other values.

/etc/pulp/server.conf
    broker_url: qpid://user:password@localhost/

And the user and password were set up with the command

    saslpasswd2 -f /var/lib/qpidd/qpidd.sasldb -u QPID user

They were set up to match.

I will leave this thread be until I get to set up a test vm. Then I will 
have to try it again and inspect those logs.

Thanks for the help.
Ben.


On 2 December 2014 1:40:20 AM Brian Bouterse <bbouters at redhat.com> wrote:

> Hi Ben,
>
> Here are some thoughts that may help you identify the problem. Migration 
> 0009 tries to connect to the broker, so it's likely that Pulp cannot 
> successfully connect to Qpid.
>
> - I typically don't set anything in /etc/sasl2/qpidd.conf. Perhaps that 
> feature is not working as expected. The Qpid docs may also be helpful in 
> getting the configuration of Qpid correct.
>
> - The /etc/qpid/qpidd.conf looks like Qpid should require authentication 
> and use the realm QPID, which looks correct. You can use the trace mode of 
> Qpid to get more info on the output of the client.
>
> - Your broker url uses a protocol handler 'paid'. I expect it to be 
> 'qpid://user:password@localhost/'. If this is actually your broker string 
> then I don't expect it would work.
>
> - I assume your SASL user named 'user' has the password set as 'password' 
> to match the broker string that you gave Pulp.
>
> - Getting the trace output of Qpid will help identify the root cause I 
> believe. Also the Pulp output logs would be good too. You should look in 
> those places for errors.
>
> Brian
>
>
> ----- Original Message -----
> > From: "ben stanley" <ben.stanley at exemail.com.au>
> > To: pulp-list at redhat.com
> > Sent: Thursday, November 27, 2014 12:47:59 AM
> > Subject: [Pulp-list] pulp-manage-dbl sasl negotiation failed
> >
> > Hi,
> >
> > I am trying to set up a pulp server, according to the instructions at
> >
> > http://pulp-user-guide.readthedocs.org/en/pulp-2.4/installation.html
> >
> > I am working on RHEL7 Workstation x86_64.
> >
> > I am trying to use authentication for qpid messaging. I made the following
> > changes (after unraveling some curly documentation):
> >
> > /etc/sasl2/qpidd.conf
> >     much_list: DIGEST-MD5
> >
> > /etc/qpid/qpidd.conf
> >     auth=yes
> >     realm=QPID
> >
> > /etc/pulp/server.conf
> >     broker_url: paid://user:password@localhost/
> >
> > I also configured the sasl password:
> >
> > saslpasswd2 -f /var/lib/qpidd/qpidd.sasldb -u QPID user
> >
> > I have started the following services, and verified that they are running:
> > mongod qpidd
> >
> > The problem comes about at the step of initializing pulp's database:
> >
> > sudo -u apache pulp-manage-db
> > Loading content types.
> > Content types loaded.
> > Ensuring the admin role and user are in place.
> > Admin role and user are in place.
> > Beginning database migrations.
> > Applying pulp.server.db.migrations.0009_qpid_queues failed.
> >
> > Halting migrations due to a migration failure.  See log for details.
> > sasl negotiation failed: no mechanism agreed
> >
> > I need some help to diagnose the problem so that I can complete this step.
> > There is nothing important in the database yet, so it is acceptable to
> > erase it and start again (if I knew how).
> >
> > Thanks,
> > Ben Stanley
> >
> >
> >
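
Added example, not part of the original thread and not Pulp or Qpid code: a small Python lint that cross-checks the three settings discussed above (the SASL mech_list key, the qpidd auth/realm pair, and the broker_url scheme and credentials) against the realm given to saslpasswd2 -u. The function names and the sample strings, constructed from the values quoted in the thread, are assumptions; it only checks that the files agree and does not diagnose the negotiation failure itself.

```python
import re
from urllib.parse import urlsplit

def parse_kv(text):
    """Parse 'key: value' / 'key=value' lines; skip blanks, comments, [sections]."""
    pairs = {}
    for line in text.splitlines():
        m = re.match(r"([^:=\s#\[]+)\s*[:=]\s*(.*)$", line.strip())
        if m:
            pairs[m.group(1)] = m.group(2).strip()
    return pairs

def lint(sasl_conf, qpidd_conf, server_conf, sasldb_realm):
    """Return a list of findings; an empty list means the settings agree."""
    sasl, qpidd, pulp = (parse_kv(t) for t in (sasl_conf, qpidd_conf, server_conf))
    findings = []
    if "mech_list" not in sasl:
        findings.append("sasl2: no mech_list key, found %s" % sorted(sasl))
    for mech in sasl.get("mech_list", "").split():
        # The three mechanisms the poster removed from the list.
        if mech.upper() in ("ANONYMOUS", "EXTERNAL", "PLAIN"):
            findings.append("sasl2: mech_list still offers %s" % mech)
    if qpidd.get("auth") != "yes":
        findings.append("qpidd.conf: auth is not 'yes'")
    if qpidd.get("realm") != sasldb_realm:
        findings.append("qpidd.conf: realm %r differs from saslpasswd2 -u %s"
                        % (qpidd.get("realm"), sasldb_realm))
    url = urlsplit(pulp.get("broker_url", ""))
    if url.scheme != "qpid":
        findings.append("server.conf: broker_url scheme %r, expected 'qpid'" % url.scheme)
    if not (url.username and url.password):
        findings.append("server.conf: broker_url has no user:password")
    return findings

# Constructed inputs: the settings as first posted, then as corrected in the reply.
AS_POSTED = ("much_list: DIGEST-MD5", "auth=yes\nrealm=QPID",
             "broker_url: paid://user:password@localhost/")
CORRECTED = ("mech_list: DIGEST-MD5", "auth=yes\nrealm=QPID",
             "broker_url: qpid://user:password@localhost/")

if __name__ == "__main__":
    for name, files in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(name, lint(*files, sasldb_realm="QPID") or "ok")
```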




