Bug 1371974

Summary: pulp-admin login on capsule causes error 500
Product: Red Hat Satellite Reporter: Peter Vreman <peter.vreman>
Component: Capsule - ContentAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED NOTABUG QA Contact: Katello QA List <katello-qa-list>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.2.0CC: bbuckingham, jcallaha, peter.vreman
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-02-12 14:44:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1122832    

Description Peter Vreman 2016-08-31 15:04:42 UTC 
Description of problem:
We have to troubleshoot some pulp issues on the capsule. At the moment it is not possible use pulp-admin to login to the pulp services running on the capsule.
An upstream bug  http://projects.theforeman.org/issues/12368 confirms this bug

To login we normally use the trick from the http://www.katello.org/troubleshooting/faq.html to add the certificates:

mkdir -p ~/.pulp && chmod 0700 ~/.pulp 
sudo cat /etc/pki/katello/certs/pulp-client.crt /etc/pki/katello/private/pulp-client.key > ~/.pulp/user-cert.pem

Alternative is loign from root and read the password from the pulp server config

pulp-admin login -u admin -p $(awk '/^ *default_password/ { print $NF }' /etc/pulp/server.conf)


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Install pulp-admin on capsule
2. Run pulp-admin login
3. Run pulp-admin tasks lists

Actual results:
Step 2 already fails

Expected results:
Login works


Additional info:
Comment 3 Peter Vreman 2017-06-27 10:25:54 UTC 
I installed a fresh capsule 6.2.10 and got it regitered in the sat6 server and it is working fine for serving the content.

We are using a custom ssl certificate

The pulp-admin login is still not working

[crash/LI] root@li-lc-1589:~# pulp-admin login -u admin -p $(awk '/^ *default_password/ { print $NF }' /etc/pulp/server.conf)
An internal error occurred on the Pulp server:

RequestException: POST request
on /pulp/api/v2/actions/login/ failed with 500 - error signing cert request:
Signature ok
subject=/CN=admin:admin:5947de7db127ca4b58c2892a
Getting CA Private
Key
CA certificate and CA private key do not
match
140382766852000:error:0B080074:x509 certificate
routines:X509_check_private_key:key values mismatch:x509_cmp.c:331:
unable to
write 'random state'


Using the SSL cert based login does not work either because the soruce files are not available on the Capsule

[crash/LI] root@li-lc-1589:~# sudo cat /etc/pki/katello/certs/pulp-client.crt /etc/pki/katello/private/pulp-client.key > ~/.pulp/user-cert.pem
cat: /etc/pki/katello/certs/pulp-client.crt: No such file or directory
cat: /etc/pki/katello/private/pulp-client.key: No such file or directory
Comment 4 Peter Vreman 2018-02-12 14:44:51 UTC 
Pulp login is not needed.
Using a user and password per command works fine on both Server and Capsules.