Re: Koji CLI Auth problem
On Wed, 2008-07-16 at 11:06 +0800, Linul wrote:
HI:
I'm using CentOS 5.2 for my Koji Server, but now I have a problem
about Koji CLI auth.
According the wiki document in
http://fedoraproject.org/wiki/Koji/ServerHowTo , I setup my Koji-hub、
Koji-web、postgresql
, and have a koji web interface.
I also setup my CA Center,and configure the kojiweb.conf、
kojihub.conf、/etc/koji.conf.
But when i execute the koji command with no username and password, the
messages is:
Error: [('PEM routines', 'PEM_read_bio', 'no start line'), ('SSL
routines', 'SSL_CTX_use_PrivateKey_file', 'PEM lib')]
Your client certificate file (indicated by cert in the config file)
needs to contain both the certificate and private key. Your private key
is missing.
why?
thanks.
/etc/koji.conf:
[koji]
;configuration for koji cli tool
;url of XMLRPC server
;server = http://koji.fedoraproject.org/kojihub
server = http://koji.ossii.com.tw/kojihub
;url of web interface
;weburl = http://koji.fedoraproject.org/koji
weburl = http://koji.ossii.com.tw/koji
;url of package download site
;pkgurl = http://koji.fedoraproject.org/packages
pkgurl = http://koji.ossii.com.tw/packages
;path to the koji top directory
topdir = /mnt/koji
;configuration for SSL athentication
;client certificate
;cert = ~/.fedora.cert
cert = /etc/kojid/kojiadmin.crt
;certificate of the CA that issued the client certificate
;ca = ~/.fedora-upload-ca.cert
ca = /etc/kojid/kojiadmin.key
;certificate of the CA that issued the HTTP server certificate
;serverca = ~/.fedora-server-ca.cert
serverca = /etc/httpd/conf.d/ssl/ossiikojica.crt
kojihub.conf:
Directory /usr/share/koji-hub
SetHandler mod_python
PythonHandler kojixmlrpc
PythonOption DBName koji
PythonOption DBUser kevin
PythonOption DBHost 127.0.0.1
PythonOption KojiDir /mnt/koji
# Kerberos auth configuration
# PythonOption AuthPrincipal [EMAIL PROTECTED]
# PythonOption AuthKeytab /etc/koji.keytab
# PythonOption ProxyPrincipals [EMAIL PROTECTED]
# format string for host principals (%s = hostname)
# PythonOption HostPrincipalFormat compile/[EMAIL PROTECTED]
# end Kerberos auth configuration
# SSL client certificate auth configuration
# the client username is the common name of the subject of
their client certificate
PythonOption DNUsernameComponent CN
# separate multiple DNs with |
# PythonOption ProxyDNs /C=US/ST=Massachusetts/O=Example
Org/OU=Example User/CN=example/[EMAIL PROTECTED]
PythonOption ProxyDNs /C=TW/ST=Taiwan/O=OSSII/OU=Koji Hub
Server/CN=OSSII Koji Server CA/[EMAIL PROTECTED]
# end SSL client certificate auth configuration
PythonOption LoginCreatesUser On
PythonOption KojiWebURL http://koji.ossii.com.tw/koji
# The domain name that will be appended to Koji usernames
# when creating email notifications
PythonOption EmailDomain example.com
# PythonOption KojiDebug On
# PythonOption KojiTraceback extended
# sending tracebacks to the client isn't very helpful for
debugging xmlrpc
PythonDebug Off
# autoreload is mostly useless to us (it would only reload
kojixmlrpc.py)
PythonAutoReload Off
/Directory
# uncomment this to enable authentication via SSL client certificates
Location /kojihub
SSLOptions +StdEnvVars
/Location
# these options must be enabled globally (in ssl.conf)
SSLVerifyClient require
SSLVerifyDepth 10
kojiweb.conf:
Alias /koji /usr/share/koji-web/scripts/
Directory /usr/share/koji-web/scripts/
# Config for the publisher handler
SetHandler mod_python
PythonHandler mod_python.publisher
# General settings
PythonDebug On
PythonOption KojiHubURL http://koji.ossii.com.tw/kojihub
PythonOption KojiWebURL http://koji.ossii.com.tw/koji
PythonOption KojiPackagesURL
http://koji.ossii.com.tw/koji/packages
PythonOption WebPrincipal koji/[EMAIL PROTECTED]
PythonOption WebKeytab /etc/httpd.keytab
PythonOption WebCCache /var/tmp/kojiweb.ccache
PythonOption WebCert /etc/httpd/conf.d/ssl/kojiweb.crt
PythonOption ClientCA /etc/httpd/conf.d/ssl/kojiweb.key
PythonOption KojiHubCA /etc/httpd/conf.d/ssl/ossiikojica.crt
PythonOption LoginTimeout 72
# This must be changed before deployment
PythonOption Secret CHANGE_ME
PythonPath sys.path + ['/usr/share/koji-web/lib']
PythonCleanupHandler kojiweb.handlers::cleanup
PythonAutoReload Off
/Directory
Location /koji/login
SSLOptions +StdEnvVars
/Location
# these options must be enabled globally (in ssl.conf)
SSLVerifyClient require
SSLVerifyDepth 10
Alias /koji-static/ /usr/share/koji-web/static/
Directory /usr/share/koji-web/static/
Options None
AllowOverride None
mod_python error installing Koji
Hello all,
We are trying to setup the Koji build system for our Centos and Fedora
repositories. We are getting the errors below after following the setup
guide.
We have tried numerous different things to attempt to correct the errors
and nothing has worked. We initially thought it was an issue of what
user it was
being run as and we changed users around this did not work. We changed
various settings in our apache configuration and still no dice.
Here is the errors we are seeing on http://192.168.226.61/koji/:
MOD_PYTHON ERROR
ProcessId: 9453
Interpreter:'127.0.0.1'
ServerName: '127.0.0.1'
DocumentRoot: '/var/www/html'
URI:'/koji/'
Location: None
Directory: '/usr/share/koji-web/scripts/'
Filename: '/usr/share/koji-web/scripts/index.py'
PathInfo: ''
Phase: 'PythonHandler'
Handler:'mod_python.publisher'
Traceback (most recent call last):
File /usr/lib64/python2.4/site-packages/mod_python/importer.py, line 1537,
in HandlerDispatch
default=default_handler, arg=req, silent=hlist.silent)
File /usr/lib64/python2.4/site-packages/mod_python/importer.py, line 1229,
in _process_target
result = _execute_target(config, req, object, arg)
File /usr/lib64/python2.4/site-packages/mod_python/importer.py, line 1128,
in _execute_target
result = object(arg)
File /usr/lib64/python2.4/site-packages/mod_python/publisher.py, line 213,
in handler
published = publish_object(req, object)
File /usr/lib64/python2.4/site-packages/mod_python/publisher.py, line 425,
in publish_object
return publish_object(req,util.apply_fs_data(object, req.form, req=req))
File /usr/lib64/python2.4/site-packages/mod_python/util.py, line 554, in
apply_fs_data
return object(**args)
File /usr/share/koji-web/scripts/index.py, line 175, in index
start=buildStart, dataName='builds', prefix='build', order=buildOrder,
pageSize=10)
File /usr/share/koji-web/lib/kojiweb/util.py, line 109, in paginateMethod
totalRows = getattr(server, methodName)(*args, **kw)
File /usr/lib/python2.4/site-packages/koji/__init__.py, line 1077, in
__call__
return self.__func(self.__name,args,opts)
File /usr/lib/python2.4/site-packages/koji/__init__.py, line 1302, in
_callMethod
return proxy.__getattr__(name)(*args)
File /usr/lib64/python2.4/xmlrpclib.py, line 1096, in __call__
return self.__send(self.__name, args)
File /usr/lib64/python2.4/xmlrpclib.py, line 1383, in __request
verbose=self.__verbose
File /usr/lib64/python2.4/xmlrpclib.py, line 1137, in request
headers
ProtocolError: ProtocolError for 192.168.226.61/kojihub: 500 Internal Server
Error
MODULE CACHE DETAILS
Accessed: Wed Jul 16 16:47:56 2008
Generation: 1
_mp_0dec3ca8c086f5baed01b0d5504fa2b0 {
FileName: '/usr/share/koji-web/scripts/index.py'
Instance: 1
Generation: 1
Modified: Fri Dec 14 21:12:36 2007
Imported: Wed Jul 16 16:36:02 2008
}
Here is the error we are seeing on http://192.168.226.61/koji/index.chtml:
Forbidden
You don't have permission to access /koji/index.chtml on this server.
Here is the error we are seeing on http://192.168.226.61/kojihub:
Internal Server Error
blah blah blah
http://192.168.226.61/koji-static/
Displays a directory listing of a few files and directories so I am
assuming it is working correctly.
Anyone have any ideas?
Thanks.
--
Naveen Gavini
Student Systems Programmer
OSS/CSS - OIT Rutgers
[EMAIL PROTECTED]
--
Fedora-buildsys-list mailing list
Fedora-buildsys-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
