Re: Koji CLI Auth problem
On Wed, 2008-07-16 at 11:06 +0800, Linul wrote:
> HI:
>
> I'm using CentOS 5.2 for my Koji Server, but now I have a problem
> about Koji CLI auth.
>
> According the wiki document in
> http://fedoraproject.org/wiki/Koji/ServerHowTo , I setup my Koji-hub、
> Koji-web、postgresql
>
> , and have a koji web interface.
>
> I also setup my CA Center,and configure the kojiweb.conf、
> kojihub.conf、/etc/koji.conf.
>
> But when i execute the koji command with no username and password, the
> messages is:
>
> Error: [('PEM routines', 'PEM_read_bio', 'no start line'), ('SSL
> routines', 'SSL_CTX_use_PrivateKey_file', 'PEM lib')]
Your client certificate file (indicated by "cert" in the config file)
needs to contain both the certificate and private key. Your private key
is missing.
> why?
>
> thanks.
>
>
> /etc/koji.conf:
>
> [koji]
>
> ;configuration for koji cli tool
>
> ;url of XMLRPC server
> ;server = http://koji.fedoraproject.org/kojihub
> server = http://koji.ossii.com.tw/kojihub
>
> ;url of web interface
> ;weburl = http://koji.fedoraproject.org/koji
> weburl = http://koji.ossii.com.tw/koji
>
> ;url of package download site
> ;pkgurl = http://koji.fedoraproject.org/packages
> pkgurl = http://koji.ossii.com.tw/packages
>
> ;path to the koji top directory
> topdir = /mnt/koji
>
> ;configuration for SSL athentication
>
> ;client certificate
> ;cert = ~/.fedora.cert
> cert = /etc/kojid/kojiadmin.crt
>
> ;certificate of the CA that issued the client certificate
> ;ca = ~/.fedora-upload-ca.cert
> ca = /etc/kojid/kojiadmin.key
>
> ;certificate of the CA that issued the HTTP server certificate
> ;serverca = ~/.fedora-server-ca.cert
> serverca = /etc/httpd/conf.d/ssl/ossiikojica.crt
>
>
> kojihub.conf:
>
>
> SetHandler mod_python
> PythonHandler kojixmlrpc
> PythonOption DBName koji
> PythonOption DBUser kevin
> PythonOption DBHost 127.0.0.1
> PythonOption KojiDir /mnt/koji
>
> # Kerberos auth configuration
> # PythonOption AuthPrincipal [EMAIL PROTECTED]
> # PythonOption AuthKeytab /etc/koji.keytab
> # PythonOption ProxyPrincipals [EMAIL PROTECTED]
> # format string for host principals (%s = hostname)
> # PythonOption HostPrincipalFormat compile/[EMAIL PROTECTED]
> # end Kerberos auth configuration
>
> # SSL client certificate auth configuration
> # the client username is the common name of the subject of
> their client certificate
> PythonOption DNUsernameComponent CN
> # separate multiple DNs with |
> # PythonOption ProxyDNs "/C=US/ST=Massachusetts/O=Example
> Org/OU=Example User/CN=example/[EMAIL PROTECTED]"
> PythonOption ProxyDNs "/C=TW/ST=Taiwan/O=OSSII/OU=Koji Hub
> Server/CN=OSSII Koji Server CA/[EMAIL PROTECTED]"
> # end SSL client certificate auth configuration
>
> PythonOption LoginCreatesUser On
> PythonOption KojiWebURL http://koji.ossii.com.tw/koji
>
> # The domain name that will be appended to Koji usernames
> # when creating email notifications
> PythonOption EmailDomain example.com
> # PythonOption KojiDebug On
> # PythonOption KojiTraceback "extended"
> # sending tracebacks to the client isn't very helpful for
> debugging xmlrpc
> PythonDebug Off
> # autoreload is mostly useless to us (it would only reload
> kojixmlrpc.py)
> PythonAutoReload Off
>
>
> # uncomment this to enable authentication via SSL client certificates
>
> SSLOptions +StdEnvVars
>
> # these options must be enabled globally (in ssl.conf)
> SSLVerifyClient require
> SSLVerifyDepth 10
>
> kojiweb.conf:
>
> Alias /koji "/usr/share/koji-web/scripts/"
>
>
> # Config for the publisher handler
> SetHandler mod_python
> PythonHandler mod_python.publisher
>
> # General settings
> PythonDebug On
> PythonOption KojiHubURL http://koji.ossii.com.tw/kojihub
> PythonOption KojiWebURL http://koji.ossii.com.tw/koji
> PythonOption KojiPackagesURL
> http://koji.ossii.com.tw/koji/packages
> PythonOption WebPrincipal koji/[EMAIL PROTECTED]
> PythonOption WebKeytab /etc/httpd.keytab
> PythonOption WebCCache /var/tmp/kojiweb.ccache
> PythonOption WebCert /etc/httpd/conf.d/ssl/kojiweb.crt
> PythonOption ClientCA /etc/httpd/conf.d/ssl/kojiweb.key
> PythonOption KojiHubCA /etc/httpd/conf.d/ssl/ossiikojica.crt
> PythonOption LoginTimeout 72
> # This must be changed before deployment
> PythonOption Secret CHANGE_ME
> PythonPath "sys.path + ['/usr/share/koji-web/lib']"
> PythonCleanupHandler kojiweb.handlers::cleanup
> PythonAutoReload Off
>
>
> SSLOptions +StdEnvVars
>
> # these options must be enabled globally (in ssl.conf)
> SSLVerifyClient require
> SSLVerifyDepth 10
>
> Alias /koji-static/ "/usr/share/koji-web/static/"
>
>
> Options None
> AllowOverride None
> Order
mod_python error installing Koji
Hello all,
We are trying to setup the Koji build system for our Centos and Fedora
repositories. We are getting the errors below after following the setup
guide.
We have tried numerous different things to attempt to correct the errors
and nothing has worked. We initially thought it was an issue of what
user it was
being run as and we changed users around this did not work. We changed
various settings in our apache configuration and still no dice.
Here is the errors we are seeing on http://192.168.226.61/koji/:
MOD_PYTHON ERROR
ProcessId: 9453
Interpreter:'127.0.0.1'
ServerName: '127.0.0.1'
DocumentRoot: '/var/www/html'
URI:'/koji/'
Location: None
Directory: '/usr/share/koji-web/scripts/'
Filename: '/usr/share/koji-web/scripts/index.py'
PathInfo: ''
Phase: 'PythonHandler'
Handler:'mod_python.publisher'
Traceback (most recent call last):
File "/usr/lib64/python2.4/site-packages/mod_python/importer.py", line 1537,
in HandlerDispatch
default=default_handler, arg=req, silent=hlist.silent)
File "/usr/lib64/python2.4/site-packages/mod_python/importer.py", line 1229,
in _process_target
result = _execute_target(config, req, object, arg)
File "/usr/lib64/python2.4/site-packages/mod_python/importer.py", line 1128,
in _execute_target
result = object(arg)
File "/usr/lib64/python2.4/site-packages/mod_python/publisher.py", line 213,
in handler
published = publish_object(req, object)
File "/usr/lib64/python2.4/site-packages/mod_python/publisher.py", line 425,
in publish_object
return publish_object(req,util.apply_fs_data(object, req.form, req=req))
File "/usr/lib64/python2.4/site-packages/mod_python/util.py", line 554, in
apply_fs_data
return object(**args)
File "/usr/share/koji-web/scripts/index.py", line 175, in index
start=buildStart, dataName='builds', prefix='build', order=buildOrder,
pageSize=10)
File "/usr/share/koji-web/lib/kojiweb/util.py", line 109, in paginateMethod
totalRows = getattr(server, methodName)(*args, **kw)
File "/usr/lib/python2.4/site-packages/koji/__init__.py", line 1077, in
__call__
return self.__func(self.__name,args,opts)
File "/usr/lib/python2.4/site-packages/koji/__init__.py", line 1302, in
_callMethod
return proxy.__getattr__(name)(*args)
File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__
return self.__send(self.__name, args)
File "/usr/lib64/python2.4/xmlrpclib.py", line 1383, in __request
verbose=self.__verbose
File "/usr/lib64/python2.4/xmlrpclib.py", line 1137, in request
headers
ProtocolError:
MODULE CACHE DETAILS
Accessed: Wed Jul 16 16:47:56 2008
Generation: 1
_mp_0dec3ca8c086f5baed01b0d5504fa2b0 {
FileName: '/usr/share/koji-web/scripts/index.py'
Instance: 1
Generation: 1
Modified: Fri Dec 14 21:12:36 2007
Imported: Wed Jul 16 16:36:02 2008
}
Here is the error we are seeing on http://192.168.226.61/koji/index.chtml:
Forbidden
You don't have permission to access /koji/index.chtml on this server.
Here is the error we are seeing on http://192.168.226.61/kojihub:
Internal Server Error
blah blah blah
http://192.168.226.61/koji-static/
Displays a directory listing of a few files and directories so I am
assuming it is working correctly.
Anyone have any ideas?
Thanks.
--
Naveen Gavini
Student Systems Programmer
OSS/CSS - OIT Rutgers
[EMAIL PROTECTED]
--
Fedora-buildsys-list mailing list
Fedora-buildsys-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
Re: mod_python error installing Koji
On Wed, 2008-07-16 at 16:53 -0400, Naveen Gavini wrote:
> Hello all,
>
> We are trying to setup the Koji build system for our Centos and Fedora
> repositories. We are getting the errors below after following the setup
> guide.
> We have tried numerous different things to attempt to correct the errors
> and nothing has worked. We initially thought it was an issue of what
> user it was
> being run as and we changed users around this did not work. We changed
> various settings in our apache configuration and still no dice.
> Here is the errors we are seeing on http://192.168.226.61/koji/:
>
> MOD_PYTHON ERROR
>
> ProcessId: 9453
> Interpreter:'127.0.0.1'
>
> ServerName: '127.0.0.1'
> DocumentRoot: '/var/www/html'
>
> URI:'/koji/'
> Location: None
> Directory: '/usr/share/koji-web/scripts/'
> Filename: '/usr/share/koji-web/scripts/index.py'
> PathInfo: ''
>
> Phase: 'PythonHandler'
> Handler:'mod_python.publisher'
>
> Traceback (most recent call last):
>
> File "/usr/lib64/python2.4/site-packages/mod_python/importer.py", line
> 1537, in HandlerDispatch
> default=default_handler, arg=req, silent=hlist.silent)
>
> File "/usr/lib64/python2.4/site-packages/mod_python/importer.py", line
> 1229, in _process_target
> result = _execute_target(config, req, object, arg)
>
> File "/usr/lib64/python2.4/site-packages/mod_python/importer.py", line
> 1128, in _execute_target
> result = object(arg)
>
> File "/usr/lib64/python2.4/site-packages/mod_python/publisher.py", line
> 213, in handler
> published = publish_object(req, object)
>
> File "/usr/lib64/python2.4/site-packages/mod_python/publisher.py", line
> 425, in publish_object
> return publish_object(req,util.apply_fs_data(object, req.form, req=req))
>
> File "/usr/lib64/python2.4/site-packages/mod_python/util.py", line 554, in
> apply_fs_data
> return object(**args)
>
> File "/usr/share/koji-web/scripts/index.py", line 175, in index
> start=buildStart, dataName='builds', prefix='build', order=buildOrder,
> pageSize=10)
>
> File "/usr/share/koji-web/lib/kojiweb/util.py", line 109, in paginateMethod
> totalRows = getattr(server, methodName)(*args, **kw)
>
> File "/usr/lib/python2.4/site-packages/koji/__init__.py", line 1077, in
> __call__
> return self.__func(self.__name,args,opts)
>
> File "/usr/lib/python2.4/site-packages/koji/__init__.py", line 1302, in
> _callMethod
> return proxy.__getattr__(name)(*args)
>
> File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__
> return self.__send(self.__name, args)
>
> File "/usr/lib64/python2.4/xmlrpclib.py", line 1383, in __request
> verbose=self.__verbose
>
> File "/usr/lib64/python2.4/xmlrpclib.py", line 1137, in request
> headers
>
> ProtocolError: Error>
>
>
> MODULE CACHE DETAILS
>
> Accessed: Wed Jul 16 16:47:56 2008
> Generation: 1
>
> _mp_0dec3ca8c086f5baed01b0d5504fa2b0 {
> FileName: '/usr/share/koji-web/scripts/index.py'
> Instance: 1
> Generation: 1
> Modified: Fri Dec 14 21:12:36 2007
> Imported: Wed Jul 16 16:36:02 2008
> }
>
>
> Here is the error we are seeing on http://192.168.226.61/koji/index.chtml:
> Forbidden
> You don't have permission to access /koji/index.chtml on this server.
>
> Here is the error we are seeing on http://192.168.226.61/kojihub:
> Internal Server Error
> blah blah blah
>
> http://192.168.226.61/koji-static/
> Displays a directory listing of a few files and directories so I am
> assuming it is working correctly.
You should see more detailed error messages in /var/log/httpd/error_log
(or ssl_error_log, depending on your setup). I'm guessing the "apache"
OS user does not have permission to connect to the "koji" database as
the "koji" database user. You need to grant the appropriate access in
pg_hba.conf.
--
Fedora-buildsys-list mailing list
Fedora-buildsys-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
