Bug 968847

Summary: log-delete only supports kerberos authentication for remote log deletion
Product: [Retired] Beaker Reporter: Raymond Mancy <rmancy>
Component: lab controllerAssignee: Raymond Mancy <rmancy>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 0.12CC: aigao, asaha, dcallagh, ebaak, jingwang, llim, qwan, rmancy
Target Milestone: 0.15.2   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-19 07:04:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Raymond Mancy 2013-05-30 06:10:59 UTC 
Description of problem:

log-delete hardcodes the use of krb authentication when deleting.
For Beaker instances that do not use krb, this is a problem.

Version-Release number of selected component (if applicable):

0.12

How reproducible:

Always

Steps to Reproduce:
1. Set up an archive server
2. Run log delete against that archive server
3.

Actual results:

It will not work if you are not using krb auth.

Expected results:

Configurable to use other auth methods (i.e basic)

Additional info:
Comment 1 Nick Coghlan 2013-10-01 07:35:21 UTC 
On Gerrit: http://gerrit.beaker-project.org/2304
Comment 3 Nick Coghlan 2013-11-27 06:16:18 UTC 
The patch was prepared against the 0.15 branch, and rather than trying to backport it, we'll just include this in 0.15.2 rather than 0.14.4.
Comment 5 Raymond Mancy 2013-12-10 10:16:53 UTC 
Sure. Have a look at the changes made as part of this patch. http://gerrit.beaker-project.org/#/c/2602/

One is adding the required config entries to beaker, and the other is configuring apache.

After both apache and beaker have been updated (and restarted) I would run beaker-log-delete --verbose --dry-run to see if there are any logs ready to be deleted. If not, then delete a job (and then run beaker-log-delete --dry-run --verbose again to ensure that the logs you expect it to be deleted have been found). 

Then run it without the --dry-run arg and it should delete some logs. If there are problems, check the apache error logs. If there appear to be no problems, check that the files no longer are on disk.
Comment 6 Nick Coghlan 2013-12-12 05:41:19 UTC 
Just some additional notes regarding verification for this patch:

While the problem was initially noted in the context of setting up an archive server, it is equally applicable to a lab where the logs are hosted locally on the lab controller, but Apache is configured to use basic digest auth rather than Kerberos (previously the log-delete script only supported Kerberos authentication, this change updated it to also support digest auth).

So the original "steps to reproduce" isn't right, as the important part isn't setting up an archive server, it's configuring the Apache instance hosting the logs (whether that's on the lab controller or on a separate archive server) to use digest auth rather than Kerberos.
Comment 8 Amit Saha 2013-12-19 07:04:08 UTC 
Release announcement: https://lists.fedorahosted.org/pipermail/beaker-devel/2013-December/000923.html