[Pulp-list] Access Pulp 3 Api from a remote machine
Bin Li (BLOOMBERG/ 120 PARK)
bli111 at bloomberg.net
Wed Oct 2 14:27:47 UTC 2019
Hi Mike,
Here is the output from my host
# netstat -lntp |grep -E ":248|:80"
tcp 0 0 0.0.0.0:24816 0.0.0.0:* LISTEN 3356/python3
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3085/nginx: master
tcp 0 0 127.0.0.1:24817 0.0.0.0:* LISTEN 3353/python3
Below is what we have tried. Both port 80 and 24817 works on localhost but not on the ip.
Creating a repo on localhost:80 works.
http -a admin:admin POST http://localhost:80/pulp/api/v3/repositories/ name=testrepo
Use ip address instead of localhost got 403 error.
http -a admin:admin POST http://<ipaddress>:80/pulp/api/v3/repositories/ name=testrepo1
HTTP/1.1 403 Forbidden
Creating a repo on localhost:24817 works also.
http -a admin:admin POST http://localhost:24817/pulp/api/v3/repositories/ name=testrepo1
Got 403 error again user ip on port 24817
http -a admin:admin POST http://<ipaddress>:24817/pulp/api/v3/repositories/ name=testrepo1
HTTP/1.1 403 Forbidden
We do have ALLOWED_HOSTS = '*' in /etc/pulp/settings.py
Thanks
From: mikedep333 at redhat.com At: 09/27/19 10:04:05To: Bin Li (BLOOMBERG/ 120 PARK )
Cc: pulp-list at redhat.com
Subject: Re: [Pulp-list] Access Pulp 3 Api from a remote machine
Hi Bin,
In pulplift, which probably uses the default values for these settings in ansible-pulp, this is how the servers listen by default:
[vagrant at pulp3-source-fedora30 ~]$ sudo netstat -lntp | grep -E ":248|:80"
tcp 0 0 127.0.0.1:24816 0.0.0.0:* LISTEN 11871/python3
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 594/nginx: master p
tcp 0 0 127.0.0.1:24817 0.0.0.0:* LISTEN 12007/python3
So when I tried to connect to <ipaddress>:24817 rather than <ipaddress>:80, I got "connection refused" / "no route to host", not HTTP 403.
And note that under such a setup (with nginx in front), port 80 is the preferred way to access both pulp-api and pulp-content.
Can you confirm that your netstat looks similar to that? If so, then let's start looking for reasons why it would differ based on <ipaddress> vs localhost.
Also, you can run:
sudo journalctl -u pulp-api.service
-Mike
On Thu, Sep 26, 2019 at 1:48 PM Bin Li (BLOOMBERG/ 120 PARK) <bli111 at bloomberg.net> wrote:
Mike, we have the .netrc configured. On the pulp server, it works if we use localhost:24817 but got 403 error when use <ipaddress>:24817. It looks like the Django only allows connection to localhost. We are looking for a way to connect from a different host.
From: mikedep333 at redhat.com At: 09/25/19 19:21:51To: Bin Li (BLOOMBERG/ 120 PARK )
Cc: pulp-list at redhat.com
Subject: Re: [Pulp-list] Access Pulp 3 Api from a remote machine
The http client needs to authenticate with username (default: "admin") and password (default: "password" or "admin").
On Linux, Mac and Windows, you can create a ~/.netrc (Windows: %HOME%\_netrc ) file that httpie, curl, etc will use:
https://github.com/bagder/everything-curl/blob/master/usingcurl-netrc.md
-Mike
On Wed, Sep 25, 2019, 4:35 PM Bin Li (BLOOMBERG/ 120 PARK) <bli111 at bloomberg.net> wrote:
Hi, We are trying to access the api on :24817 from remote server. We have add ALLOWED_HOSTS = ['*'] to settings.py and update the gunicorn to bind 0.0.0.0:24817. Still getting a 403 Forbidden error. What else should we update to enable the remote api access?
Thanks_______________________________________________
Pulp-list mailing list
Pulp-list at redhat.com
https://www.redhat.com/mailman/listinfo/pulp-list
--
Mike DePaulo
He / Him / His
Service Reliability Engineer, Pulp
Red Hat
IM: mikedep333
GPG: 51745404
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20191002/8f9c71c0/attachment.htm>
More information about the Pulp-list
mailing list