Description of problem: Pulp uses MongoDB for its task result backend*. Pulp itself can authenticate to MongoDB, but it uses the wrong config key ("user" instead of "username") from server.conf for the username when configuring Celery to use Mongo as a result backend. This means that Celery gets an authentication failure whenever Mongo is configured to require permissions on the Pulp database. * The task result backend is what stores return values for tasks that need to return something. For example, all of Pulp's tasks that reserve resources rely on this to know which queue to put the work in. This means that many important tasks, such as sync, cannot work with MongoDB authentication. Version-Release number of selected component (if applicable): 2.4.0-1 and greater How reproducible: Very Steps to Reproduce: 1. Configure MongoDB for authenticated access, and disallow anonymous connections. 2. Configure the pulp user as the DB owner for full access 3. Restart Pulp. 4. Try to sync a repo Actual results: Observe that the sync fails, with a Mongo permission traceback in the server logs. Other tasks that do not use the results backend (like a repo list) will still work. Expected results: The sync should succeed.
For users encountering this issue, there is a simple workaround: 1) Edit your /etc/pulp/server.conf 2) Add a new "user" setting in your [database] section with the same value as you used in your "username" setting. 3) Save the file. Once we fix this issue, you should remove the "user" field as it will be extraneous.
https://github.com/pulp/pulp/pull/1141
build: 2.5.0-0.6.beta
Preethi, Since we moved this from 2.4 to 2.5, I believe we can change step 2 to say that Pulp needs dbAdmin and readWrite, instead of dbOwner. Here is a tutorial about how to add users to databases: http://docs.mongodb.org/manual/tutorial/add-user-to-database/ Here is the documentation about the various roles available: http://docs.mongodb.org/manual/reference/built-in-roles/#dbOwner
verified Configured MongoDB for authenticated access, and disallow anonymous connections. Followed the above docs And this http://docs.mongodb.org/manual/tutorial/enable-authentication-without-bypass/ used this to add [root@cloud-qe-12 ~]# mongo pulp_database MongoDB shell version: 2.4.6 connecting to: pulp_database > db.addUser({user: "pulpuser", pwd:"pulppass", roles: [ "readWrite", "dbAdmin" ]}) { "user" : "pulpuser", "pwd" : "1b512d0236d75c586c5d65423f59b225", "roles" : [ "readWrite", "dbAdmin" ], "_id" : ObjectId("543d383dab7f088df0756127") } > ^C bye [root@cloud-qe-12 ~]# vi /etc/pulp/server.conf update database section with the above pulpuser restart services Repo create/sync works fine.
[root@cloud-qe-12 ~]# rpm -qa pulp-server pulp-server-2.5.0-0.7.beta.el6.noarch [root@cloud-qe-12 ~]#