[Pulp-list] Can't access API on fresh new pulp instance via https

Daniel Alley dalley at redhat.com
Thu Nov 5 01:09:54 UTC 2020


Hi Tim,

The way the web server is currently configured by default, trailing slashes
are required. Try "https://pulp.biamp.com/pulp/api/v3/status/" instead.

I think that in this situation a lot of APIs would silently redirect to the
correct version, but we don't currently support that.  I do know that it
has been discussed in the past and I vaguely remember there having been
some reasons for doing this, but I can't seem to find any of those
discussions, nor remember what the reasoning was. Maybe someone else does?



On Wed, Nov 4, 2020 at 7:18 PM Tim Black <timblaktu at gmail.com> wrote:

> I found this httpie issue <https://github.com/httpie/httpie/issues/480>,
> basically, the certs I imported into debian aren't respected by httpie. So
> I think I need to use --verify or --cert option of httpie.
>
> But when I use --verify no, I get a 301:
>
> [tblack-stretch]/home/tblack/pulpcerts/certs > http --verify no
> https://pulp.biamp.com/pulp/api/v3/status
> HTTP/1.1 301 Moved Permanently
> Connection: keep-alive
> Content-Length: 0
> Content-Type: text/html; charset=utf-8
> Date: Thu, 05 Nov 2020 00:07:19 GMT
> Location: /pulp/api/v3/status/
> Server: nginx/1.14.2
>
> and if I use --cert to point to the pulp-generated CA cert I copied over
> from pulp, I get a different httpie error, I believe indicating I'm using
> the wrong format cert:
>
>   http: error: Error: [('PEM routines', 'get_name', 'no start line'),
> ('SSL routines', 'SSL_CTX_use_PrivateKey_file', 'PEM lib')]
>
> Thanks for your help.
>
> On Wed, Nov 4, 2020 at 3:54 PM Tim Black <timblaktu at gmail.com> wrote:
>
>> I have installed a new pulp instance using pulp.pulp_installer 3.8.1 and
>> the below ansible play, which mostly uses defaults. The containing playbook
>> runs to completion with no errors, but I get the following error trying to
>> access the api status endpoint with httpie:
>>
>> [tblack-stretch]cmm/ansible/projects/pulp > http
>> https://pulp.biamp.com/pulp/api/v3/status
>> <https://pulp.mydomain.com/pulp/api/v3/status>
>>
>> http: error: SSLError: HTTPSConnectionPool(host='pulp.biamp.com
>> <http://pulp.mydomain.com>', port=443): Max retries exceeded with url:
>> /pulp/api/v3/status (Caused by SSLError(SSLError("bad handshake:
>> Error([('SSL routines', 'tls_process_server_certificate', 'certificate
>> verify failed')],)",),)) while doing GET request to URL:
>> https://pulp.biamp.com/pulp/api/v3/status
>> <https://pulp.mydomain.com/pulp/api/v3/status>
>>
>> It says it failed to verify the certificate. I've read the docs about
>> ssl configuration
>> <https://docs.pulpproject.org/pulpcore/installation/instructions.html#ssl>,
>> and I have copied both the pulp-generated self-signed root CA and
>> webserver certs from `/etc/pulp/certs/` to the client (tblack-stretch) I'm
>> running httpie from. There, I imported the certs by placing them in
>> /usr/local/share/ca-certificates/extra and running update-ca-certificates,
>> but still got the same error.
>>
>> Here is my play that invokes  pulp.pulp_installer.pulp_all_services. Any
>> help would be appreciated. Thanks.
>>
>> - name: Install Pulp
>>   hosts: pulp_cluster
>>   vars:
>>     # Pulp Installer Variables Documentation:
>> https://pulp-installer.readthedocs.io/en/3.8.1/#variables
>>     pulp_install_plugins:
>>       # IMPORTANT! Compatibility Between Pulpcore and Pulp Plugins Must
>> be Manually Confirmed/Specified!
>>       #
>> https://pulp-installer.readthedocs.io/en/3.8.1/#note-on-plugin-version-compatibility-with-pulpcore
>>       # There is a tool that helps you find the compatible plugin
>> versions.
>>       #   https://github.com/fao89/pdc
>>       pulp-ansible:
>>         version: 0.5.0
>>       pulp-container:
>>         version: 2.1.0
>>       pulp-deb:
>>         version: 2.7.0
>>       pulp-file:
>>         version: 1.3.0
>>       pulp-python:
>>         version: 3.0.0b11
>>     pulp_default_admin_password: "{{ pulp_admin_password }}"
>>     pulp_settings:
>>       secret_key: "{{ pulp_django_secret_key }}"
>>       content_origin: "https://{{ ansible_fqdn }}"
>>   pre_tasks:
>>     # The version string below is the highest of all those in roles'
>> metadata:
>>     # "min_ansible_version". It needs to be kept manually up-to-date.
>>     - name: Verify Ansible meets min required version
>>       assert:
>>         that: "ansible_version.full is version_compare('2.8', '>=')"
>>         msg: >
>>           "You must update Ansible to at least 2.8 to use this version of
>> Pulp 3 Installer."
>>   roles:
>>     - pulp.pulp_installer.pulp_all_services
>>   environment:
>>     DJANGO_SETTINGS_MODULE: pulpcore.app.settings
>>
>> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20201104/92e6eda5/attachment.htm>


More information about the Pulp-list mailing list