Re: Koji CLI Auth problem
On Wed, 2008-07-16 at 11:06 +0800, Linul wrote: > HI: > > I'm using CentOS 5.2 for my Koji Server, but now I have a problem > about Koji CLI auth. > > According the wiki document in > http://fedoraproject.org/wiki/Koji/ServerHowTo , I setup my Koji-hub、 > Koji-web、postgresql > > , and have a koji web interface. > > I also setup my CA Center,and configure the kojiweb.conf、 > kojihub.conf、/etc/koji.conf. > > But when i execute the koji command with no username and password, the > messages is: > > Error: [('PEM routines', 'PEM_read_bio', 'no start line'), ('SSL > routines', 'SSL_CTX_use_PrivateKey_file', 'PEM lib')] Your client certificate file (indicated by "cert" in the config file) needs to contain both the certificate and private key. Your private key is missing. > why? > > thanks. > > > /etc/koji.conf: > > [koji] > > ;configuration for koji cli tool > > ;url of XMLRPC server > ;server = http://koji.fedoraproject.org/kojihub > server = http://koji.ossii.com.tw/kojihub > > ;url of web interface > ;weburl = http://koji.fedoraproject.org/koji > weburl = http://koji.ossii.com.tw/koji > > ;url of package download site > ;pkgurl = http://koji.fedoraproject.org/packages > pkgurl = http://koji.ossii.com.tw/packages > > ;path to the koji top directory > topdir = /mnt/koji > > ;configuration for SSL athentication > > ;client certificate > ;cert = ~/.fedora.cert > cert = /etc/kojid/kojiadmin.crt > > ;certificate of the CA that issued the client certificate > ;ca = ~/.fedora-upload-ca.cert > ca = /etc/kojid/kojiadmin.key > > ;certificate of the CA that issued the HTTP server certificate > ;serverca = ~/.fedora-server-ca.cert > serverca = /etc/httpd/conf.d/ssl/ossiikojica.crt > > > kojihub.conf: > > > SetHandler mod_python > PythonHandler kojixmlrpc > PythonOption DBName koji > PythonOption DBUser kevin > PythonOption DBHost 127.0.0.1 > PythonOption KojiDir /mnt/koji > > # Kerberos auth configuration > # PythonOption AuthPrincipal [EMAIL PROTECTED] > # PythonOption AuthKeytab /etc/koji.keytab > # PythonOption ProxyPrincipals [EMAIL PROTECTED] > # format string for host principals (%s = hostname) > # PythonOption HostPrincipalFormat compile/[EMAIL PROTECTED] > # end Kerberos auth configuration > > # SSL client certificate auth configuration > # the client username is the common name of the subject of > their client certificate > PythonOption DNUsernameComponent CN > # separate multiple DNs with | > # PythonOption ProxyDNs "/C=US/ST=Massachusetts/O=Example > Org/OU=Example User/CN=example/[EMAIL PROTECTED]" > PythonOption ProxyDNs "/C=TW/ST=Taiwan/O=OSSII/OU=Koji Hub > Server/CN=OSSII Koji Server CA/[EMAIL PROTECTED]" > # end SSL client certificate auth configuration > > PythonOption LoginCreatesUser On > PythonOption KojiWebURL http://koji.ossii.com.tw/koji > > # The domain name that will be appended to Koji usernames > # when creating email notifications > PythonOption EmailDomain example.com > # PythonOption KojiDebug On > # PythonOption KojiTraceback "extended" > # sending tracebacks to the client isn't very helpful for > debugging xmlrpc > PythonDebug Off > # autoreload is mostly useless to us (it would only reload > kojixmlrpc.py) > PythonAutoReload Off > > > # uncomment this to enable authentication via SSL client certificates > > SSLOptions +StdEnvVars > > # these options must be enabled globally (in ssl.conf) > SSLVerifyClient require > SSLVerifyDepth 10 > > kojiweb.conf: > > Alias /koji "/usr/share/koji-web/scripts/" > > > # Config for the publisher handler > SetHandler mod_python > PythonHandler mod_python.publisher > > # General settings > PythonDebug On > PythonOption KojiHubURL http://koji.ossii.com.tw/kojihub > PythonOption KojiWebURL http://koji.ossii.com.tw/koji > PythonOption KojiPackagesURL > http://koji.ossii.com.tw/koji/packages > PythonOption WebPrincipal koji/[EMAIL PROTECTED] > PythonOption WebKeytab /etc/httpd.keytab > PythonOption WebCCache /var/tmp/kojiweb.ccache > PythonOption WebCert /etc/httpd/conf.d/ssl/kojiweb.crt > PythonOption ClientCA /etc/httpd/conf.d/ssl/kojiweb.key > PythonOption KojiHubCA /etc/httpd/conf.d/ssl/ossiikojica.crt > PythonOption LoginTimeout 72 > # This must be changed before deployment > PythonOption Secret CHANGE_ME > PythonPath "sys.path + ['/usr/share/koji-web/lib']" > PythonCleanupHandler kojiweb.handlers::cleanup > PythonAutoReload Off > > > SSLOptions +StdEnvVars > > # these options must be enabled globally (in ssl.conf) > SSLVerifyClient require > SSLVerifyDepth 10 > > Alias /koji-static/ "/usr/share/koji-web/static/" > > > Options None > AllowOverride None > Order
mod_python error installing Koji
Hello all, We are trying to setup the Koji build system for our Centos and Fedora repositories. We are getting the errors below after following the setup guide. We have tried numerous different things to attempt to correct the errors and nothing has worked. We initially thought it was an issue of what user it was being run as and we changed users around this did not work. We changed various settings in our apache configuration and still no dice. Here is the errors we are seeing on http://192.168.226.61/koji/: MOD_PYTHON ERROR ProcessId: 9453 Interpreter:'127.0.0.1' ServerName: '127.0.0.1' DocumentRoot: '/var/www/html' URI:'/koji/' Location: None Directory: '/usr/share/koji-web/scripts/' Filename: '/usr/share/koji-web/scripts/index.py' PathInfo: '' Phase: 'PythonHandler' Handler:'mod_python.publisher' Traceback (most recent call last): File "/usr/lib64/python2.4/site-packages/mod_python/importer.py", line 1537, in HandlerDispatch default=default_handler, arg=req, silent=hlist.silent) File "/usr/lib64/python2.4/site-packages/mod_python/importer.py", line 1229, in _process_target result = _execute_target(config, req, object, arg) File "/usr/lib64/python2.4/site-packages/mod_python/importer.py", line 1128, in _execute_target result = object(arg) File "/usr/lib64/python2.4/site-packages/mod_python/publisher.py", line 213, in handler published = publish_object(req, object) File "/usr/lib64/python2.4/site-packages/mod_python/publisher.py", line 425, in publish_object return publish_object(req,util.apply_fs_data(object, req.form, req=req)) File "/usr/lib64/python2.4/site-packages/mod_python/util.py", line 554, in apply_fs_data return object(**args) File "/usr/share/koji-web/scripts/index.py", line 175, in index start=buildStart, dataName='builds', prefix='build', order=buildOrder, pageSize=10) File "/usr/share/koji-web/lib/kojiweb/util.py", line 109, in paginateMethod totalRows = getattr(server, methodName)(*args, **kw) File "/usr/lib/python2.4/site-packages/koji/__init__.py", line 1077, in __call__ return self.__func(self.__name,args,opts) File "/usr/lib/python2.4/site-packages/koji/__init__.py", line 1302, in _callMethod return proxy.__getattr__(name)(*args) File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__ return self.__send(self.__name, args) File "/usr/lib64/python2.4/xmlrpclib.py", line 1383, in __request verbose=self.__verbose File "/usr/lib64/python2.4/xmlrpclib.py", line 1137, in request headers ProtocolError: MODULE CACHE DETAILS Accessed: Wed Jul 16 16:47:56 2008 Generation: 1 _mp_0dec3ca8c086f5baed01b0d5504fa2b0 { FileName: '/usr/share/koji-web/scripts/index.py' Instance: 1 Generation: 1 Modified: Fri Dec 14 21:12:36 2007 Imported: Wed Jul 16 16:36:02 2008 } Here is the error we are seeing on http://192.168.226.61/koji/index.chtml: Forbidden You don't have permission to access /koji/index.chtml on this server. Here is the error we are seeing on http://192.168.226.61/kojihub: Internal Server Error blah blah blah http://192.168.226.61/koji-static/ Displays a directory listing of a few files and directories so I am assuming it is working correctly. Anyone have any ideas? Thanks. -- Naveen Gavini Student Systems Programmer OSS/CSS - OIT Rutgers [EMAIL PROTECTED] -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
Re: mod_python error installing Koji
On Wed, 2008-07-16 at 16:53 -0400, Naveen Gavini wrote: > Hello all, > > We are trying to setup the Koji build system for our Centos and Fedora > repositories. We are getting the errors below after following the setup > guide. > We have tried numerous different things to attempt to correct the errors > and nothing has worked. We initially thought it was an issue of what > user it was > being run as and we changed users around this did not work. We changed > various settings in our apache configuration and still no dice. > Here is the errors we are seeing on http://192.168.226.61/koji/: > > MOD_PYTHON ERROR > > ProcessId: 9453 > Interpreter:'127.0.0.1' > > ServerName: '127.0.0.1' > DocumentRoot: '/var/www/html' > > URI:'/koji/' > Location: None > Directory: '/usr/share/koji-web/scripts/' > Filename: '/usr/share/koji-web/scripts/index.py' > PathInfo: '' > > Phase: 'PythonHandler' > Handler:'mod_python.publisher' > > Traceback (most recent call last): > > File "/usr/lib64/python2.4/site-packages/mod_python/importer.py", line > 1537, in HandlerDispatch > default=default_handler, arg=req, silent=hlist.silent) > > File "/usr/lib64/python2.4/site-packages/mod_python/importer.py", line > 1229, in _process_target > result = _execute_target(config, req, object, arg) > > File "/usr/lib64/python2.4/site-packages/mod_python/importer.py", line > 1128, in _execute_target > result = object(arg) > > File "/usr/lib64/python2.4/site-packages/mod_python/publisher.py", line > 213, in handler > published = publish_object(req, object) > > File "/usr/lib64/python2.4/site-packages/mod_python/publisher.py", line > 425, in publish_object > return publish_object(req,util.apply_fs_data(object, req.form, req=req)) > > File "/usr/lib64/python2.4/site-packages/mod_python/util.py", line 554, in > apply_fs_data > return object(**args) > > File "/usr/share/koji-web/scripts/index.py", line 175, in index > start=buildStart, dataName='builds', prefix='build', order=buildOrder, > pageSize=10) > > File "/usr/share/koji-web/lib/kojiweb/util.py", line 109, in paginateMethod > totalRows = getattr(server, methodName)(*args, **kw) > > File "/usr/lib/python2.4/site-packages/koji/__init__.py", line 1077, in > __call__ > return self.__func(self.__name,args,opts) > > File "/usr/lib/python2.4/site-packages/koji/__init__.py", line 1302, in > _callMethod > return proxy.__getattr__(name)(*args) > > File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__ > return self.__send(self.__name, args) > > File "/usr/lib64/python2.4/xmlrpclib.py", line 1383, in __request > verbose=self.__verbose > > File "/usr/lib64/python2.4/xmlrpclib.py", line 1137, in request > headers > > ProtocolError: Error> > > > MODULE CACHE DETAILS > > Accessed: Wed Jul 16 16:47:56 2008 > Generation: 1 > > _mp_0dec3ca8c086f5baed01b0d5504fa2b0 { > FileName: '/usr/share/koji-web/scripts/index.py' > Instance: 1 > Generation: 1 > Modified: Fri Dec 14 21:12:36 2007 > Imported: Wed Jul 16 16:36:02 2008 > } > > > Here is the error we are seeing on http://192.168.226.61/koji/index.chtml: > Forbidden > You don't have permission to access /koji/index.chtml on this server. > > Here is the error we are seeing on http://192.168.226.61/kojihub: > Internal Server Error > blah blah blah > > http://192.168.226.61/koji-static/ > Displays a directory listing of a few files and directories so I am > assuming it is working correctly. You should see more detailed error messages in /var/log/httpd/error_log (or ssl_error_log, depending on your setup). I'm guessing the "apache" OS user does not have permission to connect to the "koji" database as the "koji" database user. You need to grant the appropriate access in pg_hba.conf. -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list