[Pulp-list] Can't access API on fresh new pulp instance via https
Daniel Alley
dalley at redhat.com
Thu Nov 5 01:43:43 UTC 2020
Actually, HTTP 301 *is* a redirect, so we do in fact do this. It's just
that httpie doesn't follow redirects by default, you have to tell it to do
so. So this works fine:
http --follow GET :24817/pulp/api/v3/status
>
On Wed, Nov 4, 2020 at 8:09 PM Daniel Alley <dalley at redhat.com> wrote:
> Hi Tim,
>
> The way the web server is currently configured by default, trailing
> slashes are required. Try "https://pulp.biamp.com/pulp/api/v3/status/"
> instead.
>
> I think that in this situation a lot of APIs would silently redirect to
> the correct version, but we don't currently support that. I do know that
> it has been discussed in the past and I vaguely remember there having been
> some reasons for doing this, but I can't seem to find any of those
> discussions, nor remember what the reasoning was. Maybe someone else does?
>
>
>
> On Wed, Nov 4, 2020 at 7:18 PM Tim Black <timblaktu at gmail.com> wrote:
>
>> I found this httpie issue <https://github.com/httpie/httpie/issues/480>,
>> basically, the certs I imported into debian aren't respected by httpie. So
>> I think I need to use --verify or --cert option of httpie.
>>
>> But when I use --verify no, I get a 301:
>>
>> [tblack-stretch]/home/tblack/pulpcerts/certs > http --verify no
>> https://pulp.biamp.com/pulp/api/v3/status
>> HTTP/1.1 301 Moved Permanently
>> Connection: keep-alive
>> Content-Length: 0
>> Content-Type: text/html; charset=utf-8
>> Date: Thu, 05 Nov 2020 00:07:19 GMT
>> Location: /pulp/api/v3/status/
>> Server: nginx/1.14.2
>>
>> and if I use --cert to point to the pulp-generated CA cert I copied over
>> from pulp, I get a different httpie error, I believe indicating I'm using
>> the wrong format cert:
>>
>> http: error: Error: [('PEM routines', 'get_name', 'no start line'),
>> ('SSL routines', 'SSL_CTX_use_PrivateKey_file', 'PEM lib')]
>>
>> Thanks for your help.
>>
>> On Wed, Nov 4, 2020 at 3:54 PM Tim Black <timblaktu at gmail.com> wrote:
>>
>>> I have installed a new pulp instance using pulp.pulp_installer 3.8.1 and
>>> the below ansible play, which mostly uses defaults. The containing playbook
>>> runs to completion with no errors, but I get the following error trying to
>>> access the api status endpoint with httpie:
>>>
>>> [tblack-stretch]cmm/ansible/projects/pulp > http
>>> https://pulp.biamp.com/pulp/api/v3/status
>>> <https://pulp.mydomain.com/pulp/api/v3/status>
>>>
>>> http: error: SSLError: HTTPSConnectionPool(host='pulp.biamp.com
>>> <http://pulp.mydomain.com>', port=443): Max retries exceeded with url:
>>> /pulp/api/v3/status (Caused by SSLError(SSLError("bad handshake:
>>> Error([('SSL routines', 'tls_process_server_certificate', 'certificate
>>> verify failed')],)",),)) while doing GET request to URL:
>>> https://pulp.biamp.com/pulp/api/v3/status
>>> <https://pulp.mydomain.com/pulp/api/v3/status>
>>>
>>> It says it failed to verify the certificate. I've read the docs about
>>> ssl configuration
>>> <https://docs.pulpproject.org/pulpcore/installation/instructions.html#ssl>,
>>> and I have copied both the pulp-generated self-signed root CA and
>>> webserver certs from `/etc/pulp/certs/` to the client (tblack-stretch) I'm
>>> running httpie from. There, I imported the certs by placing them in
>>> /usr/local/share/ca-certificates/extra and running
>>> update-ca-certificates, but still got the same error.
>>>
>>> Here is my play that invokes pulp.pulp_installer.pulp_all_services. Any
>>> help would be appreciated. Thanks.
>>>
>>> - name: Install Pulp
>>> hosts: pulp_cluster
>>> vars:
>>> # Pulp Installer Variables Documentation:
>>> https://pulp-installer.readthedocs.io/en/3.8.1/#variables
>>> pulp_install_plugins:
>>> # IMPORTANT! Compatibility Between Pulpcore and Pulp Plugins Must
>>> be Manually Confirmed/Specified!
>>> #
>>> https://pulp-installer.readthedocs.io/en/3.8.1/#note-on-plugin-version-compatibility-with-pulpcore
>>> # There is a tool that helps you find the compatible plugin
>>> versions.
>>> # https://github.com/fao89/pdc
>>> pulp-ansible:
>>> version: 0.5.0
>>> pulp-container:
>>> version: 2.1.0
>>> pulp-deb:
>>> version: 2.7.0
>>> pulp-file:
>>> version: 1.3.0
>>> pulp-python:
>>> version: 3.0.0b11
>>> pulp_default_admin_password: "{{ pulp_admin_password }}"
>>> pulp_settings:
>>> secret_key: "{{ pulp_django_secret_key }}"
>>> content_origin: "https://{{ ansible_fqdn }}"
>>> pre_tasks:
>>> # The version string below is the highest of all those in roles'
>>> metadata:
>>> # "min_ansible_version". It needs to be kept manually up-to-date.
>>> - name: Verify Ansible meets min required version
>>> assert:
>>> that: "ansible_version.full is version_compare('2.8', '>=')"
>>> msg: >
>>> "You must update Ansible to at least 2.8 to use this version
>>> of Pulp 3 Installer."
>>> roles:
>>> - pulp.pulp_installer.pulp_all_services
>>> environment:
>>> DJANGO_SETTINGS_MODULE: pulpcore.app.settings
>>>
>>> _______________________________________________
>> Pulp-list mailing list
>> Pulp-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-list
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20201104/2ce2ffc5/attachment.htm>
More information about the Pulp-list
mailing list