[Spacewalk-list] Spacewalk Proxy 1.6 and non-self signed certificates

Lopez, Abel abelopez at tribune.com
Wed Jan 25 17:57:14 UTC 2012 

After applying the change described here, I now get 500 Error in the GUI,
and this error in error_log
[Wed Jan 25 09:45:29 2012] [error] Execution of
/var/www/html/network/systems/details/proxy.pxt failed at Wed Jan 25
09:45:29 2012: RHN::Exception: User '1' attempted to access proxy
interface without permission.\n  Sniglets::Servers
/usr/lib/perl5/vendor_perl/5.8.8/Sniglets/Servers.pm 150
RHN::Exception::throw\n  PXT::Parser
/usr/lib/perl5/vendor_perl/5.8.8/PXT/Parser.pm 160
Sniglets::Servers::proxy_entitlement_form\n  PXT::Parser
/usr/lib/perl5/vendor_perl/5.8.8/PXT/Parser.pm 72
PXT::Parser::expand_tag\n  PXT::ApacheHandler
/usr/lib/perl5/vendor_perl/5.8.8/PXT/ApacheHandler.pm 500
PXT::Parser::expand_tags\n  PXT::ApacheHandler
/usr/lib/perl5/vendor_perl/5.8.8/PXT/ApacheHandler.pm 103
PXT::ApacheHandler::pxt_parse_data\n  PXT::ApacheHandler
/usr/lib/perl5/vendor_perl/5.8.8/PXT/ApacheHandler.pm 103 (eval)\n  main
-e 0 PXT::ApacheHandler::handler\n  main -e 0 (eval)

On 1/16/12 4:15 AM, "Jan Pazdziora" <jpazdziora at redhat.com> wrote:

>On Tue, Jan 10, 2012 at 02:13:40PM -0500, Scott Worthington wrote:
>> On Tuesday, January 10, 2012 10:33:54 AM, Jan Pazdziora wrote:
>> 
>> [...]
>> 
>> > The error is
>> >
>> > 	[error] acl fail: user_role(org_admin);
>>system_feature(ftr_proxy_capable); org_channel_family(rhn-proxy);
>>child_channel_candidate(rhn-proxy) at
>>/usr/lib/perl5/vendor_perl/5.8.8/PXT/ApacheAuth.pm line 141.
>> >
>> > in /var/log/httpd/error_log.
>> >
>> > Mirek, can you investigate?
>> >
>> >> Since the Spacewalk Proxy successfully activated to Spacewalk, I
>> >> assumed all was go.
>> >
>> > Yes, your Proxy should be good to go, you just won't be able to see it
>> > on the WebUI.
>> >
>> >> Any idea where else I should look to find out why I am getting a
>> >> permission error?
>> >
>> > It's a .pxt page, so under /var/log/httpd.
>> 
>> Yes, just as you said, I found the errors  the /var/log/httpd/error_log
>> as:
>> 
>> acl fail: user_role(org_admin); system_feature(ftr_proxy_capable);
>> org_channel_family(rhn-prdidate(rhn-proxy) at
>> /usr/share/perl5/vendor_perl/PXT/ApacheAuth.pm line 141
>
>Could you please apply the following patch to
>/etc/httpd/conf.d/zz-spacewalk-www.conf, restart httpd and see
>if it fixes the problem for you?
>
>diff --git a/spacewalk/config/etc/httpd/conf.d/zz-spacewalk-www.conf
>b/spacewalk/config/etc/httpd/conf.d/zz-spacewalk-www.conf
>index cde64a3..33fcaeb 100644
>--- a/spacewalk/config/etc/httpd/conf.d/zz-spacewalk-www.conf
>+++ b/spacewalk/config/etc/httpd/conf.d/zz-spacewalk-www.conf
>@@ -161,7 +161,7 @@ PerlModule PXT::ApacheAuth
> 	<Files proxy.pxt>
> 		ForceType text/pxt
> 		SetHandler perl-script
>-		require acl mixin RHN::Access::System user_role(org_admin);
>system_feature(ftr_proxy_capable); org_channel_family(rhn-proxy);
>child_channel_candidate(rhn-proxy)
>+		require acl mixin RHN::Access::System user_role(org_admin);
>system_feature(ftr_proxy_capable) or system_is_proxy();
>org_channel_family(rhn-proxy) or system_is_proxy();
>child_channel_candidate(rhn-proxy) or system_is_proxy()
> 	</Files>
> 
> 	<Files activation.pxt>
>
>-- 
>Jan Pazdziora
>Principal Software Engineer, Satellite Engineering, Red Hat
>
>_______________________________________________
>Spacewalk-list mailing list
>Spacewalk-list at redhat.com
>https://www.redhat.com/mailman/listinfo/spacewalk-list

More information about the Spacewalk-list mailing list