Hi All, Very new to Pulp. I am using 2.4.3-1 on Redhat Linux 7. I am trying to make a sync to a RHEL7 Repo.
Below I create the REPO. # Creating the RHEL7 Repo pulp-admin -uadmin -padmin rpm repo create --repo-id rhel-7-server \ --feed https://cdn.redhat.com/content/dist/rhel/server/7/$releasever/$basearch/os \ --feed-ca-cert=/etc/rhsm/ca/redhat-uep.pem \ --feed-key=/etc/pki/entitlement/66666666-key.pem \ --feed-cert=/etc/pki/entitlement/66666666.pem \ --display-name "rhel-7-server" --description "RHEL 7 YUM Files" Now I try to get the sync happening and I get this error: [root@pulp01 pulp]# pulp-admin rpm repo sync run --repo-id=rhel-7-server +----------------------------------------------------------------------+ Synchronizing Repository [rhel-7-server] +----------------------------------------------------------------------+ An error occurred attempting to contact the server. More information can be found in the client log file ~/.pulp/admin.log. I check the logs: cat /root/.pulp/admin.log 2014-10-27 11:44:30,609 - ERROR - Client-side exception occurred Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/pulp/client/extensions/core.py", line 478, in run exit_code = Cli.run(self, args) File "/usr/lib/python2.7/site-packages/okaara/cli.py", line 974, in run exit_code = command_or_section.execute(self.prompt, remaining_args) File "/usr/lib/python2.7/site-packages/pulp/client/extensions/extensions.py", line 224, in execute return self.method(*arg_list, **clean_kwargs) File "/usr/lib/python2.7/site-packages/pulp/client/commands/repo/sync_publish.py", line 124, in run existing_sync_tasks = _get_repo_tasks(self.context, repo_id, 'sync') File "/usr/lib/python2.7/site-packages/pulp/client/commands/repo/sync_publish.py", line 312, in _get_repo_tasks return context.server.tasks_search.search(**repo_search_criteria) File "/usr/lib/python2.7/site-packages/pulp/bindings/tasks.py", line 138, in search tasks = super(TaskSearchAPI, self).search(**kwargs) File "/usr/lib/python2.7/site-packages/pulp/bindings/search.py", line 106, in search response = self.server.POST(self.PATH, {'criteria':kwargs}) File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 99, in POST return self._request('POST', path, body=body, ensure_encoding=ensure_encoding) File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 143, in _request response_code, response_body = self.server_wrapper.request(method, url, body) File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 333, in request raise exceptions.ConnectionException(None, str(err), None) ConnectionException: (None, 'tlsv1 alert unknown ca', None) Looks like there is an SSL Cert error: as explained at https://pulp-rpm-user-guide.readthedocs.org/en/pulp-2.0/troubleshooting.html tail -f /var/log/httpd/ssl_error_log AH02039: Certificate Verification: Error (20): unable to get local issuer certificate So my confusment with the certificates are. We use a Microsoft ROOT CA Internally. Below is how I would configure SSL in Apache. vim /etc/httpd.conf.d/ssl.conf SSLCertificateFile /etc/pki/tls/certs/pulp01.cer = Signed by the Internal Root CA. SSLCertificateKeyFile /etc/pki/tls/private/pulp01.key SSLCACertificateFile /etc/pki/tls/certs/ca.cer = The Root CA Cert converted to a PEM (Usually never use this but testing it) This works fine for Internal SSL Apache websites. - For PULP I have copied these certs to /etc/pki/pulp given the certs 640 permissons and changes the ownership to root.apache. In my : vim /etc/pulp/server.conf [security] cacert: /etc/pki/pulp01.cer cakey: /etc/pki/pulp/pulp01.key ssl_ca_certificate: /etc/pki/pulp/ca.cer vim /etc/pulp/admin/admin.conf verify_ssl = True ca_path = /etc/pki/pulp/server.pem id_cert_dir = ~/.pulp id_cert_filename = user-cert.pem Can someone please school me in SSL or show me where I have messed up with the PULP SSL Setup? Thanks for your time.
_______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
