[Pulp-list] Pulp upgrade from 2.3 to 2.4 issues
bbouters at redhat.com
Tue Nov 25 15:09:06 UTC 2014
It sounds like you did things correctly, but Qpid must have still been running with authentication enabled even when you expected it to be off. With that environment and cyrus-sasl-plain missing, you would experiencing this error . Pulp 2.4.X and 2.5.X won't complain about the authentication mechanisms agreed unless Qpid is requiring auth and the package is missing. You could use the trace option on Qpid to see its authentication configuration as it starts up.
Also this was improved on the upcoming 2.6.0 release so that Qpid out of the box will work with Pulp out of the box regardless of packages like cyrus-sasl-plain. We did this work as part of this BZ .
Hopefully this is helpful in getting your systems setup.
----- Original Message -----
> From: "Steven Roberts" <strobert at strobe.net>
> To: "Brian Bouterse" <bbouters at redhat.com>
> Cc: "Mark Keller" <mdkeller at gmail.com>, pulp-list at redhat.com
> Sent: Tuesday, November 25, 2014 12:29:56 AM
> Subject: Re: [Pulp-list] Pulp upgrade from 2.3 to 2.4 issues
> On Mon, Nov 24, 2014 at 05:18:08PM -0500, Brian Bouterse wrote:
> > Hi Steve,
> > Setting auth=no in qpidd.conf and restarting Qpid will disable SASL
> > auth for Qpid, and also makes for an insecure installation. The
> > default broker string that Pulp uses to connect to Qpid does not
> > attempt to use auth, and will connect to a Qpid instance that has
> > authentication disabled. Mark received the SASL error so his Qpid
> > environment is still expecting auth.
> > If you set a setting in qpidd.conf you're changing the behavior or
> > Qpid, not Pulp. They need to be configured to work together. Hopefully
> > this is helpful.
> I get that setting auth=no /etc/qpid/qpidd.conf is affecting qpid
> configuration and not pulp.
> lemme give a little more info on this pulp deploy...
> This is a test deployment on my home gear that dates from early 2.x
> pulp. so not as old as my work deployment that is from the pre-2.0
> releases. pulp server is on CentOS6 (64bit). it and test clients
> openvz containers. pulp 2.4.3 (whatever was latest over the weekend)
> upgrade to 2.4 hit snags, couldn't get past this one:
> Applying pulp_rpm.plugins.migrations version 16
> Will not create a symlink to a non-existent source
> and seeing all of the changes in 2.4 figured just start from scratch (it
> is a test deployment).
> so did the fresh install instructions for pulp. given the setup,
> having qpid auth off (and not veiryfing ssl for that matter -- If
> someone can man-in-the-middle between two of my home openvz containers
> I've got bigger issues than my test pulp deployment :) ) seemed easiest.
> From the docs it sounds like pulp is set to not do qpid auth by default,
> do I figured disable auth in qpid and they would then match.
> seemed to go okay until I tried to issue a repo sync.
> that failed and from some poking around seems like was a SASL issue.
> that seeme doff to be since in theory I thought it was turned off on the
> pulp and qpid sides...
> I installed cyrus-sasl-plain and sure enough it started working.
> So did I miss something in the docs or is that a missing package dep?
> > -Brian
> P.S. of course looks like pulp stable just went to 2.5.0, so maybe
> something addressed in the new version?
More information about the Pulp-list