[Pulp-list] nodes and Oauth

Salvatore Di Nardo sdinardo at ebi.ac.uk
Mon May 18 11:19:36 UTC 2015 

Hello everyone. I hope someone could help me with this.
Since i dont want to rely on a single server (for resiliency reasons). I 
triied to configure a child pulp node but i'm stuck with some Oauth 
authentication failure that instst triing to use ssl:

    pulp-admin node sync run --node-id=************
    This command may be exited via ctrl+c without affecting the request.



    RequestException: GET request on
    /pulp/api/v2/consumers/************/bindings/
    failed with 401 - Authentication with username None failed: invalid SSL
    certificate.



Trying to dig with the issue it seems that oauth had been depretated 
since pulp 2.4 :

    /"/Deprecated since version 2.4.0: OAuth"


but still its a mandatory requirement on pulp 2.6:

    "The communication between the child and parent nodes is secured
    using OAuth. The child node must have OAuth enabled and configured. "


Should i assume that the whole nodes concept its deprecated? I dont see 
ANY alternative authentication form in /etc/pulp/nodes.conf or 
documented. Googling i saw similar issues but no solutions so far. I 
could even ignore the deprecated thing if at least works, but it doesn't:

    May 18 11:07:49 hx-syr-02 goferd: [INFO][worker-0]
    gofer.messaging.adapter.qpid.connection:115 - connecting: URL:
    amqp://************|SSL: ca: None|key: None|certificate: /etc/pki/pul
    p/consumer/consumer-cert.pem|host-validation: None
    May 18 11:07:49 hx-syr-02 goferd: [INFO][worker-0]
    gofer.messaging.adapter.qpid.connection:129 - connected:
    amqp://hx-syr-01.ebi.ac.uk
    May 18 11:07:49 hx-syr-02 goferd: [INFO][worker-0]
    gofer.rmi.dispatcher:600 - call: Content.update()
    sn=ab39781f-6cfb-44d1-9a21-b668f1592803 data={'task_id':
    '8ec78b83-bf04-4406-a8a5-d947645
    f5028', 'consumer_id': 'hx-syr-02'}
    May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
    pulp.agent.lib.dispatcher:112 - handler failed
    May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
    pulp.agent.lib.dispatcher:112 - Traceback (most recent call last):
    May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
    pulp.agent.lib.dispatcher:112 -   File
    "/usr/lib/python2.7/site-packages/pulp/agent/lib/dispatcher.py",
    line 108, in update
    May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
    pulp.agent.lib.dispatcher:112 -     report = handler.update(conduit,
    units, dict(options))
    May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
    pulp.agent.lib.dispatcher:112 -   File
    "/usr/lib/python2.7/site-packages/pulp_node/handlers/handler.py",
    line 92, in update
    May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
    pulp.agent.lib.dispatcher:112 -     bindings =
    RepositoryBinding.fetch_all(pulp_bindings, conduit.consumer_id)
    May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
    pulp.agent.lib.dispatcher:112 -   File
    "/usr/lib/python2.7/site-packages/pulp_node/handlers/model.py", line
    513, in fetch_all
    May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
    pulp.agent.lib.dispatcher:112 -     http =
    bindings.bind.find_by_id(node_id)
    May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
    pulp.agent.lib.dispatcher:112 -   File
    "/usr/lib/python2.7/site-packages/pulp/bindings/consumer.py", line
    158, in find_by_id
    May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
    pulp.agent.lib.dispatcher:112 -     return self.server.GET(path)
    May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
    pulp.agent.lib.dispatcher:112 -   File
    "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 92,
    in GET
    May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
    pulp.agent.lib.dispatcher:112 -     return self._request('GET',
    path, queries)
    May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
    pulp.agent.lib.dispatcher:112 -   File
    "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line
    150, in _request
    May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
    pulp.agent.lib.dispatcher:112 -
    self._handle_exceptions(response_code, response_body)
    May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
    pulp.agent.lib.dispatcher:112 -   File
    "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line
    191, in _handle_exceptions
    May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
    pulp.agent.lib.dispatcher:112 -     raise
    code_class_mappings[response_code](response_body)
    May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
    pulp.agent.lib.dispatcher:112 - PermissionsException:
    RequestException: GET request on
    /pulp/api/v2/consumers/hx-syr-02/bindings/ failed w
    ith 401 - Authentication with username admin failed: invalid oauth
    credentials.
    May 18 11:07:49 hx-syr-02 goferd: [INFO][worker-0]
    gofer.agent.rmi:128 - sn=ab397


Since didn't wanted to acquire a valid ssl signature i disabled ssl 
everywhere and i managed to sign consumers properly, but it does not 
work withparent-child repo syncs. I tried to generate oauth keys witht 
his script: 
https://thomashunter.name/blog/generate-oauth-consumer-key-and-shared-secrets-using-php/ 
and even triied with the defult "pre 2.4" keys:

[oauth]
enabled = true
oauth_key = ab3cd9j4ks73hf7g
oauth_secret = xyz4992k83j47x0bBoo8fue3yohneepo

but nothing works. Did anyone managed to configure a child node in pulp 2.6?


Thanks in advance for any hint/help
Salvatore
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20150518/157e8dae/attachment.htm>

More information about the Pulp-list mailing list