Re: [Pulp-list] pulpcore-client 3.2 ldap authentication
This setting actually failed to restart pulp. See errors below.

Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: NameError: name 'REST_FRAMEWORK' is not defined
Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: [2020-04-21 21:56:27 -0400] [24417] [INFO] Worker exiting (pid: 24417)
Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: [2020-04-21 21:56:27 -0400] [24414] [INFO] Shutting down: Master
Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: [2020-04-21 21:56:27 -0400] [24414] [INFO] Reason: Worker failed to boot.
Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: pulpcore-api.service: main process exited, code=exited, status=3/NOTIMPLEMENTED
Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: Unit pulpcore-api.service entered failed state.
Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: pulpcore-api.service failed.
Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: pulpcore-resource-manager.service holdoff time over, scheduling restart.

From: Bin Li (BLOOMBERG/ 120 PARK) At: 04/21/20 21:32:49
To: dkli...@redhat.com
Cc: pulp-list@redhat.com
Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication

Yes, I did

# pip list |grep dynaconf
dynaconf 3.0.0rc1

From: dkli...@redhat.com At: 04/21/20 20:01:00
To: Bin Li (BLOOMBERG/ 120 PARK )
Cc: pulp-list@redhat.com
Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication

Did you update dynaconf to 3.0.0rc1? There was a bug that caused the settings to get merged instead of overwritten.

[0] https://pulp.plan.io/issues/6244
[1] https://pypi.org/project/dynaconf/3.0.0rc1/

On Tue, Apr 21, 2020 at 5:59 PM Bin Li (BLOOMBERG/ 120 PARK) wrote:

I have followed the setup https://www.nginx.com/blog/nginx-plus-authenticate-users/ to set up nginx LDAP authentication.

This command works "http -a admin:password GET localhost/pulp/api/v3/repositories/rpm/rpm/ Cookie:nginxauth=XXX". The Cookie is the base64 encoded ldap username and password.

I assume I should follow the below so I don't have to specify admin:pwd
https://docs.pulpproject.org/installation/authentication.html#webserver-auth-with-reverse-proxy

Adding the below to settings.py doesn't seem to work.

    REMOTE_USER_ENVIRON_NAME = 'HTTP_REMOTE_USER'
    AUTHENTICATION_BACKENDS = ['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend']
    REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] = (
        'rest_framework.authentication.SessionAuthentication',
        'pulpcore.app.authentication.PulpRemoteUserAuthentication'

I am a little confused what needs to be added for this setup.
nginx <---http---> gunicornpulpcore.app.wsgi application

Please advise
Thanks

From: dkli...@redhat.com At: 04/17/20 10:45:31
To: Bin Li (BLOOMBERG/ 120 PARK )
Cc: pulp-list@redhat.com
Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication

Theoretically you should be able to use pulpcore-client even with LDAP authentication in the web server. However, I have not tested this. I've only helped users that use certificate authentication in the webserver. What error are you seeing on the client side? Do you see any errors in pulp logs?

On Fri, Apr 17, 2020 at 10:20 AM Bin Li (BLOOMBERG/ 120 PARK) wrote:

Thanks Dennis.

We use pulpcore python client to interact with api. Once we enable ldap on nginx, the code below that pulpcore-client authenticates with will not work any more. I am wondering if we are still able to use pulpcore-client, or if we have to rewrite the client code. This sounds like too much work for us for now.

    configuration = pulpcore.Configuration()
    configuration.host = 'http://localhost'
    configuration.username = 'admin'
    configuration.password = 'pwd'
    rpm_client = pulp_rpm.ApiClient(configuration)

From: dkli...@redhat.com At: 04/16/20 08:38:38
To: Bin Li (BLOOMBERG/ 120 PARK )
Cc: pulp-list@redhat.com
Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication

Please be aware that there is a bug in dynaconf 2.2 with how settings are merged[0]. I recommend upgrading it to dynaconf 3.0.0rc1 for best results when configuring authentication backends in pulp.

[0] https://pulp.plan.io/issues/6244
[1] https://pypi.org/project/dynaconf/3.0.0rc1/

On Wed, Apr 15, 2020 at 7:02 PM Dennis Kliban wrote:

Pulp 3 does not currently support multiple users. We are planning to add support for RBAC in the near future. However, I don't have a concrete timeline for that. With all that said, you still can configure the web server to perform authentication[0]. In this case Pulp will stop performing authentication and will simply look for a WSGI environment variable that contains the username.

[0] https://docs.pulpproject.org/installation/authentication.html#webserver-auth
[1] https://docs.pulpproject.org/settings.html?highlight=remote_user#remote-user-environ-name

On Wed, Apr 15, 2020 at 3:19 PM Bin Li (BLOOMBERG/ 120 PARK) wrote:

I am thinking of configuring nginx with ldap authentication, but I couldn't find a way to interact with the api. Does pulpcore-client work with ldap
Re: [Pulp-list] pulpcore-client 3.2 ldap authentication
Yes, I did

# pip list |grep dynaconf
dynaconf 3.0.0rc1

From: dkli...@redhat.com At: 04/21/20 20:01:00
To: Bin Li (BLOOMBERG/ 120 PARK )
Cc: pulp-list@redhat.com
Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication

Did you update dynaconf to 3.0.0rc1? There was a bug that caused the settings to get merged instead of overwritten.

[0] https://pulp.plan.io/issues/6244
[1] https://pypi.org/project/dynaconf/3.0.0rc1/

On Tue, Apr 21, 2020 at 5:59 PM Bin Li (BLOOMBERG/ 120 PARK) wrote:

I have followed the setup https://www.nginx.com/blog/nginx-plus-authenticate-users/ to set up nginx LDAP authentication.

This command works "http -a admin:password GET localhost/pulp/api/v3/repositories/rpm/rpm/ Cookie:nginxauth=XXX". The Cookie is the base64 encoded ldap username and password.

I assume I should follow the below so I don't have to specify admin:pwd
https://docs.pulpproject.org/installation/authentication.html#webserver-auth-with-reverse-proxy

Adding the below to settings.py doesn't seem to work.

    REMOTE_USER_ENVIRON_NAME = 'HTTP_REMOTE_USER'
    AUTHENTICATION_BACKENDS = ['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend']
    REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] = (
        'rest_framework.authentication.SessionAuthentication',
        'pulpcore.app.authentication.PulpRemoteUserAuthentication'

I am a little confused what needs to be added for this setup.
nginx <---http---> gunicornpulpcore.app.wsgi application

Please advise
Thanks

From: dkli...@redhat.com At: 04/17/20 10:45:31
To: Bin Li (BLOOMBERG/ 120 PARK )
Cc: pulp-list@redhat.com
Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication

Theoretically you should be able to use pulpcore-client even with LDAP authentication in the web server. However, I have not tested this. I've only helped users that use certificate authentication in the webserver. What error are you seeing on the client side? Do you see any errors in pulp logs?

On Fri, Apr 17, 2020 at 10:20 AM Bin Li (BLOOMBERG/ 120 PARK) wrote:

Thanks Dennis.

We use pulpcore python client to interact with api. Once we enable ldap on nginx, the code below that pulpcore-client authenticates with will not work any more. I am wondering if we are still able to use pulpcore-client, or if we have to rewrite the client code. This sounds like too much work for us for now.

    configuration = pulpcore.Configuration()
    configuration.host = 'http://localhost'
    configuration.username = 'admin'
    configuration.password = 'pwd'
    rpm_client = pulp_rpm.ApiClient(configuration)

From: dkli...@redhat.com At: 04/16/20 08:38:38
To: Bin Li (BLOOMBERG/ 120 PARK )
Cc: pulp-list@redhat.com
Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication

Please be aware that there is a bug in dynaconf 2.2 with how settings are merged[0]. I recommend upgrading it to dynaconf 3.0.0rc1 for best results when configuring authentication backends in pulp.

[0] https://pulp.plan.io/issues/6244
[1] https://pypi.org/project/dynaconf/3.0.0rc1/

On Wed, Apr 15, 2020 at 7:02 PM Dennis Kliban wrote:

Pulp 3 does not currently support multiple users. We are planning to add support for RBAC in the near future. However, I don't have a concrete timeline for that. With all that said, you still can configure the web server to perform authentication[0]. In this case Pulp will stop performing authentication and will simply look for a WSGI environment variable that contains the username.

[0] https://docs.pulpproject.org/installation/authentication.html#webserver-auth
[1] https://docs.pulpproject.org/settings.html?highlight=remote_user#remote-user-environ-name

On Wed, Apr 15, 2020 at 3:19 PM Bin Li (BLOOMBERG/ 120 PARK) wrote:

I am thinking of configuring nginx with ldap authentication, but I couldn't find a way to interact with the api. Does pulpcore-client work with ldap authentication? Has anyone made httpie work with ldap?

Thanks

___
Pulp-list mailing list
Pulp-list@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-list
Re: [Pulp-list] pulpcore-client 3.2 ldap authentication
Did you update dynaconf to 3.0.0rc1? There was a bug that caused the settings to get merged instead of overwritten.

[0] https://pulp.plan.io/issues/6244
[1] https://pypi.org/project/dynaconf/3.0.0rc1/

On Tue, Apr 21, 2020 at 5:59 PM Bin Li (BLOOMBERG/ 120 PARK) <bli...@bloomberg.net> wrote:

> I have followed the setup
> https://www.nginx.com/blog/nginx-plus-authenticate-users/ to set up nginx
> LDAP authentication.
>
> This command works "http -a admin:password GET
> localhost/pulp/api/v3/repositories/rpm/rpm/ Cookie:nginxauth=XXX". The
> Cookie is the base64 encoded ldap username and password.
>
> I assume I should follow the below so I don't have to specify admin:pwd
> https://docs.pulpproject.org/installation/authentication.html#webserver-auth-with-reverse-proxy
>
> Adding the below to settings.py doesn't seem to work.
>
>     REMOTE_USER_ENVIRON_NAME = 'HTTP_REMOTE_USER'
>     AUTHENTICATION_BACKENDS = ['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend']
>     REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] = (
>         'rest_framework.authentication.SessionAuthentication',
>         'pulpcore.app.authentication.PulpRemoteUserAuthentication'
>
> I am a little confused what needs to be added for this setup.
> nginx <---http---> gunicornpulpcore.app.wsgi application
>
> Please advise
> Thanks
>
> From: dkli...@redhat.com At: 04/17/20 10:45:31
> To: Bin Li (BLOOMBERG/ 120 PARK )
> Cc: pulp-list@redhat.com
> Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication
>
> Theoretically you should be able to use pulpcore-client even with LDAP
> authentication in the web server. However, I have not tested this. I've
> only helped users that use certificate authentication in the webserver.
> What error are you seeing on the client side? Do you see any errors in pulp
> logs?
>
> On Fri, Apr 17, 2020 at 10:20 AM Bin Li (BLOOMBERG/ 120 PARK) <bli...@bloomberg.net> wrote:
>
>> Thanks Dennis.
>>
>> We use pulpcore python client to interact with api. Once we enable ldap
>> on nginx, the code below that pulpcore-client authenticates with will not
>> work any more. I am wondering if we are still able to use pulpcore-client,
>> or if we have to rewrite the client code. This sounds like too much work
>> for us for now.
>>
>>     configuration = pulpcore.Configuration()
>>     configuration.host = 'http://localhost'
>>     configuration.username = 'admin'
>>     configuration.password = 'pwd'
>>     rpm_client = pulp_rpm.ApiClient(configuration)
>>
>> From: dkli...@redhat.com At: 04/16/20 08:38:38
>> To: Bin Li (BLOOMBERG/ 120 PARK )
>> Cc: pulp-list@redhat.com
>> Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication
>>
>> Please be aware that there is a bug in dynaconf 2.2 with how settings are
>> merged[0]. I recommend upgrading it to dynaconf 3.0.0rc1 for best results
>> when configuring authentication backends in pulp.
>>
>> [0] https://pulp.plan.io/issues/6244
>> [1] https://pypi.org/project/dynaconf/3.0.0rc1/
>>
>> On Wed, Apr 15, 2020 at 7:02 PM Dennis Kliban wrote:
>>
>>> Pulp 3 does not currently support multiple users. We are planning to add
>>> support for RBAC in the near future. However, I don't have a concrete
>>> timeline for that. With all that said, you still can configure the web
>>> server to perform authentication[0]. In this case Pulp will stop performing
>>> authentication and will simply look for a WSGI environment variable that
>>> contains the username.
>>>
>>> [0] https://docs.pulpproject.org/installation/authentication.html#webserver-auth
>>> [1] https://docs.pulpproject.org/settings.html?highlight=remote_user#remote-user-environ-name
>>>
>>> On Wed, Apr 15, 2020 at 3:19 PM Bin Li (BLOOMBERG/ 120 PARK) <bli...@bloomberg.net> wrote:
>>>
>>>> I am thinking of configuring nginx with ldap authentication, but I
>>>> couldn't find a way to interact with the api. Does pulpcore-client work
>>>> with ldap authentication? Has anyone made httpie work with ldap?
>>>>
>>>> Thanks
Re: [Pulp-list] pulpcore-client 3.2 ldap authentication
I have followed the setup https://www.nginx.com/blog/nginx-plus-authenticate-users/ to set up nginx LDAP authentication.

This command works "http -a admin:password GET localhost/pulp/api/v3/repositories/rpm/rpm/ Cookie:nginxauth=XXX". The Cookie is the base64 encoded ldap username and password.

I assume I should follow the below so I don't have to specify admin:pwd
https://docs.pulpproject.org/installation/authentication.html#webserver-auth-with-reverse-proxy

Adding the below to settings.py doesn't seem to work.

    REMOTE_USER_ENVIRON_NAME = 'HTTP_REMOTE_USER'
    AUTHENTICATION_BACKENDS = ['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend']
    REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] = (
        'rest_framework.authentication.SessionAuthentication',
        'pulpcore.app.authentication.PulpRemoteUserAuthentication'

I am a little confused what needs to be added for this setup.
nginx <---http---> gunicornpulpcore.app.wsgi application

Please advise
Thanks

From: dkli...@redhat.com At: 04/17/20 10:45:31
To: Bin Li (BLOOMBERG/ 120 PARK )
Cc: pulp-list@redhat.com
Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication

Theoretically you should be able to use pulpcore-client even with LDAP authentication in the web server. However, I have not tested this. I've only helped users that use certificate authentication in the webserver. What error are you seeing on the client side? Do you see any errors in pulp logs?

On Fri, Apr 17, 2020 at 10:20 AM Bin Li (BLOOMBERG/ 120 PARK) wrote:

Thanks Dennis.

We use pulpcore python client to interact with api. Once we enable ldap on nginx, the code below that pulpcore-client authenticates with will not work any more. I am wondering if we are still able to use pulpcore-client, or if we have to rewrite the client code. This sounds like too much work for us for now.

    configuration = pulpcore.Configuration()
    configuration.host = 'http://localhost'
    configuration.username = 'admin'
    configuration.password = 'pwd'
    rpm_client = pulp_rpm.ApiClient(configuration)

From: dkli...@redhat.com At: 04/16/20 08:38:38
To: Bin Li (BLOOMBERG/ 120 PARK )
Cc: pulp-list@redhat.com
Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication

Please be aware that there is a bug in dynaconf 2.2 with how settings are merged[0]. I recommend upgrading it to dynaconf 3.0.0rc1 for best results when configuring authentication backends in pulp.

[0] https://pulp.plan.io/issues/6244
[1] https://pypi.org/project/dynaconf/3.0.0rc1/

On Wed, Apr 15, 2020 at 7:02 PM Dennis Kliban wrote:

Pulp 3 does not currently support multiple users. We are planning to add support for RBAC in the near future. However, I don't have a concrete timeline for that. With all that said, you still can configure the web server to perform authentication[0]. In this case Pulp will stop performing authentication and will simply look for a WSGI environment variable that contains the username.

[0] https://docs.pulpproject.org/installation/authentication.html#webserver-auth
[1] https://docs.pulpproject.org/settings.html?highlight=remote_user#remote-user-environ-name

On Wed, Apr 15, 2020 at 3:19 PM Bin Li (BLOOMBERG/ 120 PARK) wrote:

I am thinking of configuring nginx with ldap authentication, but I couldn't find a way to interact with the api. Does pulpcore-client work with ldap authentication? Has anyone made httpie work with ldap?

Thanks
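
The settings quoted in this thread make the backend take the username from the WSGI key HTTP_REMOTE_USER, which WSGI fills from any request header named Remote-User, so the value is only meaningful when it comes from the authenticating proxy. The sketch below is an added example, not code from the thread or from Pulp: a WSGI middleware that discards the key unless the peer is a trusted proxy. TrustedProxyRemoteUser, TRUSTED_PROXIES, echo_user_app and simulate are hypothetical names, and it assumes gunicorn listens on a TCP loopback port with nginx on the same host.

```python
import ipaddress
from wsgiref.util import setup_testing_defaults

HEADER_KEY = "HTTP_REMOTE_USER"  # REMOTE_USER_ENVIRON_NAME from the thread
# Assumption: nginx and gunicorn share a host and talk over TCP loopback.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32")]


def header_to_environ_key(name):
    """CGI/WSGI naming rule: 'Remote-User' becomes 'HTTP_REMOTE_USER'."""
    return "HTTP_" + name.upper().replace("-", "_")


class TrustedProxyRemoteUser:
    """Hypothetical middleware: drop HEADER_KEY unless the peer is the proxy."""

    def __init__(self, app, trusted=TRUSTED_PROXIES, key=HEADER_KEY):
        self.app, self.trusted, self.key = app, list(trusted), key

    def _peer_is_trusted(self, environ):
        try:
            peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
        except ValueError:
            return False  # empty or malformed peer address: fail closed
        return any(peer in net for net in self.trusted)

    def __call__(self, environ, start_response):
        if not self._peer_is_trusted(environ):
            environ.pop(self.key, None)  # the backend never sees the claim
        return self.app(environ, start_response)


def echo_user_app(environ, start_response):
    """Stand-in backend: reports the username it would accept."""
    user = environ.get(HEADER_KEY, "")
    status = "200 OK" if user else "401 Unauthorized"
    start_response(status, [("Content-Type", "text/plain")])
    return [user.encode()]


def simulate(remote_addr, headers):
    """Run one constructed request through the middleware; return (status, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["REMOTE_ADDR"] = remote_addr
    for name, value in headers.items():
        environ[header_to_environ_key(name)] = value
    seen = {}

    def start_response(status, response_headers, exc_info=None):
        seen["status"] = status

    app = TrustedProxyRemoteUser(echo_user_app)
    body = b"".join(app(environ, start_response))
    return seen["status"], body.decode()


if __name__ == "__main__":
    print(simulate("127.0.0.1", {"Remote-User": "alice"}))    # via the proxy
    print(simulate("203.0.113.7", {"Remote-User": "admin"}))  # direct client
```

nginx still has to set Remote-User itself on every proxied request, since this check only establishes which hop delivered the header.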
Re: [Pulp-list] Pulp-list Digest, Vol 125, Issue 19
Hi Bin,

Related to this issue, I have some questions I'm interested in. I posted them here
https://pulp.plan.io/issues/6463#note-1

If you're able to post any info you have that would be great.

Thanks.
Brian

On Mon, Apr 20, 2020 at 7:12 PM Bin Li (BLOOMBERG/ 120 PARK) <bli...@bloomberg.net> wrote:

> We are still seeing the same errors on 8 repos out of total of 270. The
> sync job failed immediately when we tried to resync. However, if we delete
> and recreate the repo, we don't see the errors when we sync.
>
> From: pulp-list@redhat.com At: 04/20/20 12:01:43
> To: pulp-list@redhat.com
> Subject: Pulp-list Digest, Vol 125, Issue 19
>
> Today's Topics:
>
> 1. Re: pulp 3.2.1 duplicate key error (Dennis Kliban)
>
> Message: 1
> Date: Mon, 20 Apr 2020 11:25:42 -0400
> From: Dennis Kliban
> To: Bin Li
> Cc: pulp-list
> Subject: Re: [Pulp-list] pulp 3.2.1 duplicate key error
>
> The issue does not have any steps to reproduce it. Have you been able to
> consistently reproduce the issue with a specific repository? Does it go
> away the next time you perform the sync?
>
> On Wed, Apr 8, 2020 at 9:03 AM Bin Li (BLOOMBERG/ 120 PARK) <bli...@bloomberg.net> wrote:
>
> > Thanks Brian. I filed an issue https://pulp.plan.io/issues/6463
> >
> > From: bmbou...@redhat.com At: 04/07/20 15:59:11
> > To: Bin Li (BLOOMBERG/ 120 PARK )
> > Cc: pulp-list@redhat.com
> > Subject: Re: [Pulp-list] pulp 3.2.1 duplicate key error
> >
> > I heard another developer report a similar issue, but we couldn't
> > reproduce it. Could you file this as an issue also please?
> >
> > On Tue, Apr 7, 2020 at 3:42 PM Bin Li (BLOOMBERG/ 120 PARK) <bli...@bloomberg.net> wrote:
> >
> >> Noticed we have a few errors when running sync.
> >>
> >> "error": {
> >> "description": "duplicate key value violates unique constraint \"core_repositoryversion_repository_id_number_3c54ce50_uniq\"\nDETAIL: Key (repository_id, number)=(59eb02b1-edab-46e3-a69b-d69a8b314f20, 2) already exists.\n",
> >>
> >> What could be the cause of this? How can we resolve it?
>
> End of Pulp-list Digest, Vol 125, Issue 19