Description of problem: i am running into an authorization failure error on consumer bind 1. I have a server (box-A) and I have repos synced 2. I have box-B as my client and have just installed pulp-client, changed the client.conf to give the right server (box A) and started pulpd 3. Now did a consumer create on the client 4. on the server did a pulp-admin consumer list 5. and its listing the client I registered above 6. Now I run pulp-admin consumer bind on that consumer and get the authorization error [root@preethi ~]# pulp-admin -u admin -p admin consumer bind --repoid=f13 --id=nec-em18.rhts.eng.bos.redhat.com "Authorization failed. Check your username and password or your certificate" I do see this in the pulp.log 2010-09-14 17:38:21,710 [ERROR][MainThread] check_admin_cert() @ role_check.py:155 - Admin certificate with CN [None] is signed by a foreign CA 2010-09-14 17:38:21,954 [ERROR][Dummy-3] check_consumer() @ role_check.py:264 - Consumer with id [preethi.usersys.redhat.com] does not exist Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Here is what I found out. If run pulp-client consumer create on my pulp server, and then do the pulp-admin consumer bind on my second client, the bind successfully completes. [root@preethi ~]# pulp-client -u admin -p admin consumer create --id=preethi.usersys.redhat.com Successfully created consumer [ preethi.usersys.redhat.com ] [root@preethi ~]# pulp-admin consumer -u admin -p admin bind --id=10.16.120.215 --repoid=f12_x86_64 Successfully subscribed consumer [10.16.120.215] to repo [f12_x86_64]
This is caused by the fact that we don't know if it is the pulp-admin calling the bind() method or pulp-client and we end up trying to use any existing Consumer certificates on the *admin* machine. Note the bind call in the client code: def _bind(self): consumerid = self.getConsumer() if not self.options.repoid: print _("repo id required. Try --help") sys.exit(0) try: self.cconn.bind(consumerid, self.options.repoid) self.repolib.update() that repolib.update() should never be called if pulp-admin is executing. that is trying to update the package profile from the *admin* box, not the consumer. need to determine how to handle this from an architectural perspective.
re-assigning to jortel since this is a feature he is working on.
Updated so CLI (client) only updates the pulp.repo when running as pulp-client. Further, the API was updated to do asynchronous RMI to agent (client) to update the pulp.repo file. This does result in updating the pulp.repo file twice in cases where the bind/unbind happens through pulp-client. But, that's not a problem because: * The bind/unbind operation is low frequency * The repolib.update() is protected against concurrent update. * Updating the .repo file is fast and efficient. git hash: ff8e06897f7154b5d2795e32abeb527e77f57ed6
Fixed in the 0.73 release.
fails_qa before I created the consumer for the server I get the error as follows [root@preethi ~]# pulp-admin consumer bind --id=10.16.120.161 --repoid=f12_x86_64_update error: operation failed: "Authorization failed. Check your username and password or your certificate" from pulp.log 010-10-19 14:17:00,364 [INFO][Dummy-4] connection() @ endpoint.py:82 - {1542de96-71af-4677-92ec-108f337ddd10} connected to AMQP 2010-10-19 14:17:00,382 [INFO][Dummy-4] send() @ producer.py:55 - {1542de96-71af-4677-92ec-108f337ddd10} sent (10.16.120.161;{create:always,node:{type:queue,durable:True},link:{durable:True}}) { "origin": "1542de96-71af-4677-92ec-108f337ddd10", "window": {}, "version": "0.1", "sn": "b4b71492-06f9-4d22-b32c-29c009aefa70", "replyto": null, "request": { "classname": "repolib", "kws": {}, "args": [], "method": "update" }, "any": null } 2010-10-19 14:17:00,487 [ERROR][Dummy-3] check_consumer() @ role_check.py:260 - Consumer with id [preethi.usersys.redhat.com] does not exist once I create the consumer for the server, the pulp-admin bind becomes successful. [root@preethi ~]# pulp-client -u admin -p admin consumer create --id=preethi.usersys.redhat.com Successfully created consumer [ preethi.usersys.redhat.com ] [root@preethi ~]# pulp-admin consumer bind --id=10.16.120.161 --repoid=f12_x86_64_update Successfully subscribed consumer [10.16.120.161] to repo [f12_x86_64_update]
I think the issue here is that the client is not loading the admin certificate. This should be fixed when 631526 is fixed.
Pradeep, I'm assigning to you since 631526 is assigned to you.
Fixed in build 0.78.
verified [root@preethi ~]# pulp-admin consumer list +------------------------------------------+ Consumer Information +------------------------------------------+ Id 10.16.79.206 Description None Subscribed Repos /pulp/api/consumers/10.16.79.206/repoids/ Profile https://preethi.usersys.redhat.com:443/pulp/api/consumers/10.16.79.206/package_profile/ Additional info {} [root@preethi ~]# pulp-admin consumer bind --id=10.16.79.206 --repoid=f13 Successfully subscribed consumer [10.16.79.206] to repo [f13]
Closing with Community Release 15 pulp-0.0.223-4.