[Pulp-list] Can't access API on fresh new pulp instance via https

Daniel Alley dalley at redhat.com
Thu Nov 5 01:43:43 UTC 2020


Actually, HTTP 301 *is* a redirect, so we do in fact do this.  It's just
that httpie doesn't follow redirects by default, you have to tell it to do
so.  So this works fine:

http --follow GET :24817/pulp/api/v3/status

On Wed, Nov 4, 2020 at 8:09 PM Daniel Alley <dalley at redhat.com> wrote:

> Hi Tim,
>
> The way the web server is currently configured by default, trailing
> slashes are required. Try "https://pulp.biamp.com/pulp/api/v3/status/"
> instead.
>
> I think that in this situation a lot of APIs would silently redirect to
> the correct version, but we don't currently support that.  I do know that
> it has been discussed in the past and I vaguely remember there having been
> some reasons for doing this, but I can't seem to find any of those
> discussions, nor remember what the reasoning was. Maybe someone else does?
>
>
>
> On Wed, Nov 4, 2020 at 7:18 PM Tim Black <timblaktu at gmail.com> wrote:
>
>> I found this httpie issue <https://github.com/httpie/httpie/issues/480>,
>> basically, the certs I imported into debian aren't respected by httpie. So
>> I think I need to use --verify or --cert option of httpie.
>>
>> But when I use --verify no, I get a 301:
>>
>> [tblack-stretch]/home/tblack/pulpcerts/certs > http --verify no https://pulp.biamp.com/pulp/api/v3/status
>> HTTP/1.1 301 Moved Permanently
>> Connection: keep-alive
>> Content-Length: 0
>> Content-Type: text/html; charset=utf-8
>> Date: Thu, 05 Nov 2020 00:07:19 GMT
>> Location: /pulp/api/v3/status/
>> Server: nginx/1.14.2
>>
>> and if I use --cert to point to the pulp-generated CA cert I copied over
>> from pulp, I get a different httpie error, I believe indicating I'm using
>> the wrong format cert:
>>
>>   http: error: Error: [('PEM routines', 'get_name', 'no start line'), ('SSL routines', 'SSL_CTX_use_PrivateKey_file', 'PEM lib')]
>>
>> Thanks for your help.
>>
>> On Wed, Nov 4, 2020 at 3:54 PM Tim Black <timblaktu at gmail.com> wrote:
>>
>>> I have installed a new pulp instance using pulp.pulp_installer 3.8.1 and
>>> the below ansible play, which mostly uses defaults. The containing playbook
>>> runs to completion with no errors, but I get the following error trying to
>>> access the api status endpoint with httpie:
>>>
>>> [tblack-stretch]cmm/ansible/projects/pulp > http https://pulp.biamp.com/pulp/api/v3/status
>>>
>>> http: error: SSLError: HTTPSConnectionPool(host='pulp.biamp.com', port=443): Max retries exceeded with url: /pulp/api/v3/status (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),)) while doing GET request to URL: https://pulp.biamp.com/pulp/api/v3/status
>>>
>>> It says it failed to verify the certificate. I've read the docs about
>>> ssl configuration
>>> <https://docs.pulpproject.org/pulpcore/installation/instructions.html#ssl>,
>>> and I have copied both the pulp-generated self-signed root CA and
>>> webserver certs from `/etc/pulp/certs/` to the client (tblack-stretch) I'm
>>> running httpie from. There, I imported the certs by placing them in
>>> /usr/local/share/ca-certificates/extra and running
>>> update-ca-certificates, but still got the same error.
>>>
>>> Here is my play that invokes pulp.pulp_installer.pulp_all_services. Any
>>> help would be appreciated. Thanks.
>>>
>>> - name: Install Pulp
>>>   hosts: pulp_cluster
>>>   vars:
>>>     # Pulp Installer Variables Documentation: https://pulp-installer.readthedocs.io/en/3.8.1/#variables
>>>     pulp_install_plugins:
>>>       # IMPORTANT! Compatibility Between Pulpcore and Pulp Plugins Must be Manually Confirmed/Specified!
>>>       # https://pulp-installer.readthedocs.io/en/3.8.1/#note-on-plugin-version-compatibility-with-pulpcore
>>>       # There is a tool that helps you find the compatible plugin versions.
>>>       #   https://github.com/fao89/pdc
>>>       pulp-ansible:
>>>         version: 0.5.0
>>>       pulp-container:
>>>         version: 2.1.0
>>>       pulp-deb:
>>>         version: 2.7.0
>>>       pulp-file:
>>>         version: 1.3.0
>>>       pulp-python:
>>>         version: 3.0.0b11
>>>     pulp_default_admin_password: "{{ pulp_admin_password }}"
>>>     pulp_settings:
>>>       secret_key: "{{ pulp_django_secret_key }}"
>>>       content_origin: "https://{{ ansible_fqdn }}"
>>>   pre_tasks:
>>>     # The version string below is the highest of all those in roles' metadata:
>>>     # "min_ansible_version". It needs to be kept manually up-to-date.
>>>     - name: Verify Ansible meets min required version
>>>       assert:
>>>         that: "ansible_version.full is version_compare('2.8', '>=')"
>>>         msg: >
>>>           "You must update Ansible to at least 2.8 to use this version of Pulp 3 Installer."
>>>   roles:
>>>     - pulp.pulp_installer.pulp_all_services
>>>   environment:
>>>     DJANGO_SETTINGS_MODULE: pulpcore.app.settings
>>>
>
>
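
Added example, not part of the original thread and not Pulp or httpie code: httpie's --verify option accepts the path of a CA bundle to trust, while --cert expects a client certificate with its private key, so this sketch classifies a PEM file before building a command that keeps verification on and follows the 301. The host pulp.example.com, the file name pulp-ca.crt and the PEM bodies are constructed placeholders.

```python
import re

# One PEM block; group 1 is its label, e.g. "CERTIFICATE" or "RSA PRIVATE KEY".
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)

# Constructed sample inputs (bodies are not real key material).
CA_PEM = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
KEY_PEM = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
URL = "https://pulp.example.com/pulp/api/v3/status"  # placeholder host


def pem_labels(text):
    """Return the label of every PEM block found in text, in order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]


def classify_pem(text):
    """Say what role a PEM file can play on the httpie command line."""
    labels = pem_labels(text)
    if not labels:
        return "not-pem"            # e.g. DER-encoded or empty file
    has_cert = "CERTIFICATE" in labels
    has_key = any(label.endswith("PRIVATE KEY") for label in labels)
    if has_cert and has_key:
        return "client-identity"    # what --cert expects (cert plus key)
    if has_cert:
        return "ca-bundle"          # what --verify expects (trust anchors)
    return "key-only" if has_key else "other"


def httpie_command(ca_text, ca_path, url):
    """Build an httpie argv that trusts ca_path instead of using --verify no.

    Refuses files containing a private key: a trust anchor distributed to
    clients should hold certificates only.
    """
    kind = classify_pem(ca_text)
    if kind != "ca-bundle":
        raise ValueError(f"{ca_path}: expected certificates only, got {kind}")
    # --follow makes httpie follow the 301 to the trailing-slash URL.
    return ["http", "--follow", "--verify", ca_path, "GET", url]


if __name__ == "__main__":
    path = "/usr/local/share/ca-certificates/extra/pulp-ca.crt"  # hypothetical name
    print(" ".join(httpie_command(CA_PEM, path, URL)))
```

A certificate-only file classifies as "ca-bundle"; passing such a file to --cert leaves OpenSSL looking for a private key block that is not there, which matches the 'no start line' error from SSL_CTX_use_PrivateKey_file quoted above.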