Re: Koji CLI Auth problem
On Wed, 2008-07-16 at 11:06 +0800, Linul wrote: HI: I'm using CentOS 5.2 for my Koji Server, but now I have a problem about Koji CLI auth. According the wiki document in http://fedoraproject.org/wiki/Koji/ServerHowTo , I setup my Koji-hub、 Koji-web、postgresql , and have a koji web interface. I also setup my CA Center,and configure the kojiweb.conf、 kojihub.conf、/etc/koji.conf. But when i execute the koji command with no username and password, the messages is: Error: [('PEM routines', 'PEM_read_bio', 'no start line'), ('SSL routines', 'SSL_CTX_use_PrivateKey_file', 'PEM lib')] Your client certificate file (indicated by cert in the config file) needs to contain both the certificate and private key. Your private key is missing. why? thanks. /etc/koji.conf: [koji] ;configuration for koji cli tool ;url of XMLRPC server ;server = http://koji.fedoraproject.org/kojihub server = http://koji.ossii.com.tw/kojihub ;url of web interface ;weburl = http://koji.fedoraproject.org/koji weburl = http://koji.ossii.com.tw/koji ;url of package download site ;pkgurl = http://koji.fedoraproject.org/packages pkgurl = http://koji.ossii.com.tw/packages ;path to the koji top directory topdir = /mnt/koji ;configuration for SSL athentication ;client certificate ;cert = ~/.fedora.cert cert = /etc/kojid/kojiadmin.crt ;certificate of the CA that issued the client certificate ;ca = ~/.fedora-upload-ca.cert ca = /etc/kojid/kojiadmin.key ;certificate of the CA that issued the HTTP server certificate ;serverca = ~/.fedora-server-ca.cert serverca = /etc/httpd/conf.d/ssl/ossiikojica.crt kojihub.conf: Directory /usr/share/koji-hub SetHandler mod_python PythonHandler kojixmlrpc PythonOption DBName koji PythonOption DBUser kevin PythonOption DBHost 127.0.0.1 PythonOption KojiDir /mnt/koji # Kerberos auth configuration # PythonOption AuthPrincipal [EMAIL PROTECTED] # PythonOption AuthKeytab /etc/koji.keytab # PythonOption ProxyPrincipals [EMAIL PROTECTED] # format string for host principals (%s = hostname) # PythonOption HostPrincipalFormat compile/[EMAIL PROTECTED] # end Kerberos auth configuration # SSL client certificate auth configuration # the client username is the common name of the subject of their client certificate PythonOption DNUsernameComponent CN # separate multiple DNs with | # PythonOption ProxyDNs /C=US/ST=Massachusetts/O=Example Org/OU=Example User/CN=example/[EMAIL PROTECTED] PythonOption ProxyDNs /C=TW/ST=Taiwan/O=OSSII/OU=Koji Hub Server/CN=OSSII Koji Server CA/[EMAIL PROTECTED] # end SSL client certificate auth configuration PythonOption LoginCreatesUser On PythonOption KojiWebURL http://koji.ossii.com.tw/koji # The domain name that will be appended to Koji usernames # when creating email notifications PythonOption EmailDomain example.com # PythonOption KojiDebug On # PythonOption KojiTraceback extended # sending tracebacks to the client isn't very helpful for debugging xmlrpc PythonDebug Off # autoreload is mostly useless to us (it would only reload kojixmlrpc.py) PythonAutoReload Off /Directory # uncomment this to enable authentication via SSL client certificates Location /kojihub SSLOptions +StdEnvVars /Location # these options must be enabled globally (in ssl.conf) SSLVerifyClient require SSLVerifyDepth 10 kojiweb.conf: Alias /koji /usr/share/koji-web/scripts/ Directory /usr/share/koji-web/scripts/ # Config for the publisher handler SetHandler mod_python PythonHandler mod_python.publisher # General settings PythonDebug On PythonOption KojiHubURL http://koji.ossii.com.tw/kojihub PythonOption KojiWebURL http://koji.ossii.com.tw/koji PythonOption KojiPackagesURL http://koji.ossii.com.tw/koji/packages PythonOption WebPrincipal koji/[EMAIL PROTECTED] PythonOption WebKeytab /etc/httpd.keytab PythonOption WebCCache /var/tmp/kojiweb.ccache PythonOption WebCert /etc/httpd/conf.d/ssl/kojiweb.crt PythonOption ClientCA /etc/httpd/conf.d/ssl/kojiweb.key PythonOption KojiHubCA /etc/httpd/conf.d/ssl/ossiikojica.crt PythonOption LoginTimeout 72 # This must be changed before deployment PythonOption Secret CHANGE_ME PythonPath sys.path + ['/usr/share/koji-web/lib'] PythonCleanupHandler kojiweb.handlers::cleanup PythonAutoReload Off /Directory Location /koji/login SSLOptions +StdEnvVars /Location # these options must be enabled globally (in ssl.conf) SSLVerifyClient require SSLVerifyDepth 10 Alias /koji-static/ /usr/share/koji-web/static/ Directory /usr/share/koji-web/static/ Options None AllowOverride None
mod_python error installing Koji
Hello all, We are trying to setup the Koji build system for our Centos and Fedora repositories. We are getting the errors below after following the setup guide. We have tried numerous different things to attempt to correct the errors and nothing has worked. We initially thought it was an issue of what user it was being run as and we changed users around this did not work. We changed various settings in our apache configuration and still no dice. Here is the errors we are seeing on http://192.168.226.61/koji/: MOD_PYTHON ERROR ProcessId: 9453 Interpreter:'127.0.0.1' ServerName: '127.0.0.1' DocumentRoot: '/var/www/html' URI:'/koji/' Location: None Directory: '/usr/share/koji-web/scripts/' Filename: '/usr/share/koji-web/scripts/index.py' PathInfo: '' Phase: 'PythonHandler' Handler:'mod_python.publisher' Traceback (most recent call last): File /usr/lib64/python2.4/site-packages/mod_python/importer.py, line 1537, in HandlerDispatch default=default_handler, arg=req, silent=hlist.silent) File /usr/lib64/python2.4/site-packages/mod_python/importer.py, line 1229, in _process_target result = _execute_target(config, req, object, arg) File /usr/lib64/python2.4/site-packages/mod_python/importer.py, line 1128, in _execute_target result = object(arg) File /usr/lib64/python2.4/site-packages/mod_python/publisher.py, line 213, in handler published = publish_object(req, object) File /usr/lib64/python2.4/site-packages/mod_python/publisher.py, line 425, in publish_object return publish_object(req,util.apply_fs_data(object, req.form, req=req)) File /usr/lib64/python2.4/site-packages/mod_python/util.py, line 554, in apply_fs_data return object(**args) File /usr/share/koji-web/scripts/index.py, line 175, in index start=buildStart, dataName='builds', prefix='build', order=buildOrder, pageSize=10) File /usr/share/koji-web/lib/kojiweb/util.py, line 109, in paginateMethod totalRows = getattr(server, methodName)(*args, **kw) File /usr/lib/python2.4/site-packages/koji/__init__.py, line 1077, in __call__ return self.__func(self.__name,args,opts) File /usr/lib/python2.4/site-packages/koji/__init__.py, line 1302, in _callMethod return proxy.__getattr__(name)(*args) File /usr/lib64/python2.4/xmlrpclib.py, line 1096, in __call__ return self.__send(self.__name, args) File /usr/lib64/python2.4/xmlrpclib.py, line 1383, in __request verbose=self.__verbose File /usr/lib64/python2.4/xmlrpclib.py, line 1137, in request headers ProtocolError: ProtocolError for 192.168.226.61/kojihub: 500 Internal Server Error MODULE CACHE DETAILS Accessed: Wed Jul 16 16:47:56 2008 Generation: 1 _mp_0dec3ca8c086f5baed01b0d5504fa2b0 { FileName: '/usr/share/koji-web/scripts/index.py' Instance: 1 Generation: 1 Modified: Fri Dec 14 21:12:36 2007 Imported: Wed Jul 16 16:36:02 2008 } Here is the error we are seeing on http://192.168.226.61/koji/index.chtml: Forbidden You don't have permission to access /koji/index.chtml on this server. Here is the error we are seeing on http://192.168.226.61/kojihub: Internal Server Error blah blah blah http://192.168.226.61/koji-static/ Displays a directory listing of a few files and directories so I am assuming it is working correctly. Anyone have any ideas? Thanks. -- Naveen Gavini Student Systems Programmer OSS/CSS - OIT Rutgers [EMAIL PROTECTED] -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list