[Pulp-list] nodes and Oauth

Dennis Kliban dkliban at redhat.com
Mon May 18 12:52:11 UTC 2015


> Hello everyone. I hope someone could help me with this.
> Since i dont want to rely on a single server (for resiliency reasons). I
> triied to configure a child pulp node but i'm stuck with some Oauth
> authentication failure that instst triing to use ssl:

I am not sure about your nodes problem, but I would suggest that you use the clustering guide [0] to create a highly available pulp. Nodes serve a different purpose. 

 - Dennis

[0] http://pulp.readthedocs.org/en/latest/user-guide/scaling.html#clustering

> 
> 
> 
> pulp-admin node sync run --node-id= ************
> This command may be exited via ctrl+c without affecting the request.
> 
> 
> 
> RequestException: GET request on /pulp/api/v2/consumers/ ************
> /bindings/
> failed with 401 - Authentication with username None failed: invalid SSL
> certificate.
> 
> Trying to dig with the issue it seems that oauth had been depretated since
> pulp 2.4 :
> 
> 
> 
> 
> " Deprecated since version 2.4.0: OAuth"
> but still its a mandatory requirement on pulp 2.6:
> 
> 
> 
> "The communication between the child and parent nodes is secured using OAuth.
> The child node must have OAuth enabled and configured. "
> 
> Should i assume that the whole nodes concept its deprecated? I dont see ANY
> alternative authentication form in /etc/pulp/nodes.conf or documented.
> Googling i saw similar issues but no solutions so far. I could even ignore
> the deprecated thing if at least works, but it doesn't:
> 
> 
> May 18 11:07:49 hx-syr-02 goferd: [INFO][worker-0]
> gofer.messaging.adapter.qpid.connection:115 - connecting: URL:
> amqp://************|SSL: ca: None|key: None|certificate: /etc/pki/pul
> p/consumer/consumer-cert.pem|host-validation: None
> May 18 11:07:49 hx-syr-02 goferd: [INFO][worker-0]
> gofer.messaging.adapter.qpid.connection:129 - connected:
> amqp://hx-syr-01.ebi.ac.uk
> May 18 11:07:49 hx-syr-02 goferd: [INFO][worker-0] gofer.rmi.dispatcher:600 -
> call: Content.update() sn=ab39781f-6cfb-44d1-9a21-b668f1592803
> data={'task_id': '8ec78b83-bf04-4406-a8a5-d947645
> f5028', 'consumer_id': 'hx-syr-02'}
> May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
> pulp.agent.lib.dispatcher:112 - handler failed
> May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
> pulp.agent.lib.dispatcher:112 - Traceback (most recent call last):
> May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
> pulp.agent.lib.dispatcher:112 - File
> "/usr/lib/python2.7/site-packages/pulp/agent/lib/dispatcher.py", line 108,
> in update
> May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
> pulp.agent.lib.dispatcher:112 - report = handler.update(conduit, units,
> dict(options))
> May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
> pulp.agent.lib.dispatcher:112 - File
> "/usr/lib/python2.7/site-packages/pulp_node/handlers/handler.py", line 92,
> in update
> May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
> pulp.agent.lib.dispatcher:112 - bindings =
> RepositoryBinding.fetch_all(pulp_bindings, conduit.consumer_id)
> May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
> pulp.agent.lib.dispatcher:112 - File
> "/usr/lib/python2.7/site-packages/pulp_node/handlers/model.py", line 513, in
> fetch_all
> May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
> pulp.agent.lib.dispatcher:112 - http = bindings.bind.find_by_id(node_id)
> May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
> pulp.agent.lib.dispatcher:112 - File
> "/usr/lib/python2.7/site-packages/pulp/bindings/consumer.py", line 158, in
> find_by_id
> May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
> pulp.agent.lib.dispatcher:112 - return self.server.GET(path)
> May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
> pulp.agent.lib.dispatcher:112 - File
> "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 92, in GET
> May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
> pulp.agent.lib.dispatcher:112 - return self._request('GET', path, queries)
> May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
> pulp.agent.lib.dispatcher:112 - File
> "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 150, in
> _request
> May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
> pulp.agent.lib.dispatcher:112 - self._handle_exceptions(response_code,
> response_body)
> May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
> pulp.agent.lib.dispatcher:112 - File
> "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 191, in
> _handle_exceptions
> May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
> pulp.agent.lib.dispatcher:112 - raise
> code_class_mappings[response_code](response_body)
> May 18 11:07:49 hx-syr-02 goferd: [ERROR][worker-0]
> pulp.agent.lib.dispatcher:112 - PermissionsException: RequestException: GET
> request on /pulp/api/v2/consumers/hx-syr-02/bindings/ failed w
> ith 401 - Authentication with username admin failed: invalid oauth
> credentials.
> May 18 11:07:49 hx-syr-02 goferd: [INFO][worker-0] gofer.agent.rmi:128 -
> sn=ab397
> 
> Since didn't wanted to acquire a valid ssl signature i disabled ssl
> everywhere and i managed to sign consumers properly, but it does not work
> withparent-child repo syncs. I tried to generate oauth keys witht his
> script:
> https://thomashunter.name/blog/generate-oauth-consumer-key-and-shared-secrets-using-php/
> and even triied with the defult "pre 2.4" keys:
> 
> [oauth]
> enabled = true
> oauth_key = ab3cd9j4ks73hf7g
> oauth_secret = xyz4992k83j47x0bBoo8fue3yohneepo
> 
> but nothing works. Did anyone managed to configure a child node in pulp 2.6?
> 
> 
> Thanks in advance for any hint/help
> Salvatore
> 
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list




More information about the Pulp-list mailing list