Could you please share your settings by running the following commands on your Pulp server:
export DJANGO_SETTINGS_MODULE=pulpcore.app.settings export PULP_SETTINGS=/etc/pulp/settings.py (or wherever your settings are) dynaconf list Don't forget to obfuscate any settings you don't want to share. On Wed, Apr 22, 2020 at 9:15 AM Bin Li (BLOOMBERG/ 120 PARK) < bli...@bloomberg.net> wrote: > > Thank Dennis. This fixes the issue restarting pulp. With my LDAP > credential, now I can > http -a id:pwd GET localhost/pulp/api/v3/status/ but getting > "Authentication credentials were not provided" for all other uri > /remtes/rpm/rpm/. It looks like pulp is not using external authentication > and still need its own authentication somehow. > > > From: dkli...@redhat.com At: 04/22/20 06:52:35 > To: Bin Li (BLOOMBERG/ 120 PARK ) <bli...@bloomberg.net> > Cc: pulp-list@redhat.com > Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication > > You need to replace > > REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] = > > with > > REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = > > On Tue, Apr 21, 2020 at 10:09 PM Bin Li (BLOOMBERG/ 120 PARK) < > bli...@bloomberg.net> wrote: > >> This setting actually failed to restart pulp. See errors below. >> >> Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: NameError: name >> 'REST_FRAMEWORK' is not defined >> Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: [2020-04-21 21:56:27 >> -0400] [24417] [INFO] Worker exiting (pid: 24417) >> Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: [2020-04-21 21:56:27 >> -0400] [24414] [INFO] Shutting down: Master >> Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: [2020-04-21 21:56:27 >> -0400] [24414] [INFO] Reason: Worker failed to boot. >> Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: pulpcore-api.service: main >> process exited, code=exited, status=3/NOTIMPLEMENTED >> Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: Unit pulpcore-api.service >> entered failed state. >> Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: pulpcore-api.service failed. >> Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: >> pulpcore-resource-manager.service holdoff time over, scheduling restart. >> >> >> From: Bin Li (BLOOMBERG/ 120 PARK) At: 04/21/20 21:32:49 >> To: dkli...@redhat.com >> Cc: pulp-list@redhat.com >> Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication >> >> Yes, I did >> # pip list |grep dynaconf >> dynaconf 3.0.0rc1 >> >> >> From: dkli...@redhat.com At: 04/21/20 20:01:00 >> To: Bin Li (BLOOMBERG/ 120 PARK ) <bli...@bloomberg.net> >> Cc: pulp-list@redhat.com >> Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication >> >> Did you update dynaconf to 3.0.0rc1? There was a bug that caused the >> settings to get merged instead of overwritten. >> >> [0] https://pulp.plan.io/issues/6244 >> [1] https://pypi.org/project/dynaconf/3.0.0rc1/ >> >> On Tue, Apr 21, 2020 at 5:59 PM Bin Li (BLOOMBERG/ 120 PARK) < >> bli...@bloomberg.net> wrote: >> >>> I have followed the setup >>> https://www.nginx.com/blog/nginx-plus-authenticate-users/ to setup >>> nginx LDAP authentication. >>> >>> This command works "http -a admin:password GET >>> localhost/pulp/api/v3/repositories/rpm/rpm/ Cookie:nginxauth=XXXXXXX". The >>> Cookie is the base64 encoded ldap username and password. >>> >>> I assume I should follow the below so I don't have to specify admin:pwd >>> >>> https://docs.pulpproject.org/installation/authentication.html#webserver-auth-with-reverse-proxy >>> >>> Adding the below to settings.py doesn't seem to work. >>> REMOTE_USER_ENVIRON_NAME = 'HTTP_REMOTE_USER' >>> AUTHENTICATION_BACKENDS = >>> ['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend'] >>> REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] = ( >>> 'rest_framework.authentication.SessionAuthentication', >>> 'pulpcore.app.authentication.PulpRemoteUserAuthentication' >>> >>> I am a little confused what need to be added for this setup. >>> nginx <---http---> gunicorn <----WSGI----> pulpcore.app.wsgi application >>> >>> Please advise >>> Thanks >>> >>> >>> From: dkli...@redhat.com At: 04/17/20 10:45:31 >>> To: Bin Li (BLOOMBERG/ 120 PARK ) <bli...@bloomberg.net> >>> Cc: pulp-list@redhat.com >>> Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication >>> >>> Theoretically you should be able to use pulpcore-client even with LDAP >>> authentication in the web server. However, I have not tested this. I've >>> only helped users that use certificate authentication in the webserver. >>> What error are you seeing on the client side? Do you see any errors in pulp >>> logs? >>> >>> On Fri, Apr 17, 2020 at 10:20 AM Bin Li (BLOOMBERG/ 120 PARK) < >>> bli...@bloomberg.net> wrote: >>> >>>> Thanks Dennis. >>>> >>>> We use pulpcore python client to interact with api. Once we enable ldap >>>> on nginx, the below code that pulpcore-client authenticate will not work >>>> any more. I am wonder if we are still be able to use pulpcore-client? or we >>>> have to rewrite the client code. This sounds too much work for us for now. >>>> configuration = pulpcore.Configuration() >>>> configuration.host = 'http://localhost' >>>> configuration.username = 'admin' >>>> configuration.password = 'pwd' >>>> rpm_client = pulp_rpm.ApiClient(configuration) >>>> >>>> From: dkli...@redhat.com At: 04/16/20 08:38:38 >>>> To: Bin Li (BLOOMBERG/ 120 PARK ) <bli...@bloomberg.net> >>>> Cc: pulp-list@redhat.com >>>> Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication >>>> >>>> Please be aware that there is a bug in dynaconf 2.2 with how settings >>>> are merged[0]. I recommend upgrading it to dynaconf 3.0.0rc1 for best >>>> results when configuring authentication backends in pulp. >>>> >>>> [0] https://pulp.plan.io/issues/6244 >>>> [1] https://pypi.org/project/dynaconf/3.0.0rc1/ >>>> >>>> >>>> On Wed, Apr 15, 2020 at 7:02 PM Dennis Kliban <dkli...@redhat.com> >>>> wrote: >>>> >>>>> Pulp 3 does not currently support multiple users. We are planning to >>>>> add support for RBAC in the near future. However, I don't have a concrete >>>>> timeline for that. With all that said, you still can configure the web >>>>> server to perform authentication[0]. In this case Pulp will stop >>>>> performing >>>>> authentication and will simply look for a WSGI environment variable that >>>>> contains the username. >>>>> >>>>> [0] >>>>> https://docs.pulpproject.org/installation/authentication.html#webserver-auth >>>>> [1] >>>>> https://docs.pulpproject.org/settings.html?highlight=remote_user#remote-user-environ-name >>>>> >>>>> On Wed, Apr 15, 2020 at 3:19 PM Bin Li (BLOOMBERG/ 120 PARK) < >>>>> bli...@bloomberg.net> wrote: >>>>> >>>>>> >>>>>> I am thinking to configure nginx with ldap authentication, but I >>>>>> couldn't find a way to interact with the api. Does pulpcore-client work >>>>>> with ldap authentication? Has anyone made httpie work with ldap? >>>>>> >>>>>> Thanks >>>>>> _______________________________________________ >>>>>> Pulp-list mailing list >>>>>> Pulp-list@redhat.com >>>>>> https://www.redhat.com/mailman/listinfo/pulp-list >>>>> >>>>> >>>> >>> >> >
_______________________________________________ Pulp-list mailing list Pulp-list@redhat.com https://www.redhat.com/mailman/listinfo/pulp-list