Hide Forgot
Description of problem: I was unable to perform a successful CDS sync when I had existing global repo auth certs on my pulp-server. The CDS would attempt to sync using bad global repo certs and sync would fail. When I looked at the certs used on CDS side I saw the content of the cert was bad. Content of the cert was it's filename. So '/etc/pki/content/pulp-global-repo.cert' had content of '/etc/pki/content/pulp-global-repo.cert' and not expected cert data. It looked like the pulp-server was sending out the global_cert_bundle with the filename and not the contents of the cert. Pulp-server had global repo certs in key/cert format: /etc/pki/content/BACKUP/pulp-global-repo.{ca,key.cert} Note: These were older certs from a few months ago. Pulp-server was sending below on sync call: gofer.messaging.policy:INFO: policy:116 sent (cds-pulp-cds): { "classname": "cdsplugin", "kws": {}, "args": [ { "repos": [ { "name": "jwm_test", "publish": true, "relative_path": "repo_resync", "source": { "url": "http://jmatthews.fedorapeople.org/repo_resync/", "type": "remote" }, "_id": "jwm_test", "arch": "noarch", "id": "jwm_test" } ], "repo_base_url": "https://jwm-devel.home//pulp/repos", "repo_cert_bundles": { "jwm_test": null }, "cluster_id": null, "cluster_members": null, "server_ca_cert": null, "global_cert_bundle": { "ca": "/etc/pki/content/pulp-global-repo.ca", "cert": "/etc/pki/content/pulp-global-repo.cert" } } ], "method": "sync" } I removed the global repo auth certs on pulp-server, and CDS syncs worked. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. On pulp-server create cert for /etc/pki/content/pulp-global-repo.cert 2. On pulp-server create ca for /etc/pki/content/pulp-global-repo.ca 3. On pulp-server disable global repo auth 4. Initiate a CDS sync Actual results: Observe CDS sync fails, further on CDS side the contents of: /etc/pki/content/pulp-global-repo.cert is incorrect, it is the filename and not actual SSL cert data. Expected results: CDS sync succeeds. Additional info: My setup with global repo auth was old, prior to when we moved from key/cert to just a cert. Possibly what I am seeing is a result of working with an old setup?
Updated to send ca/cert bundle contents instead of file paths.
build: 0.228
verified [root@pulp-f15 ~]# rpm -q pulp pulp-0.0.228-1.fc15.noarch [root@pulp-f15 ~]# [root@pulp-f15 ~]# pulp-admin auth enable_global_repo_auth --ca=/root/certs/ca1.crt --cert=/root/certs/pulp-f14.crt --key=/root/certs/ca1.key Global repository authentication enabled [root@pulp-f15 ~]# pulp-admin cds sync --hostname=pulp-cds.usersys.redhat.com Sync for CDS [pulp-cds.usersys.redhat.com] started Use "cds status" to check on the progress [root@pulp-f15 ~]# pulp-admin cds status --hostname=pulp-cds.usersys.redhat.com +------------------------------------------+ CDS Status +------------------------------------------+ Name pulp-cds.usersys.redhat.com Hostname pulp-cds.usersys.redhat.com Description None Cluster None Sync Schedule None Repos None Last Sync 2011-08-30 15:24:36-04:00 Status: Responding Yes Last Heartbeat 2011-08-30 19:24:33.996168+00:00 +------------------------------------------+ Most Recent Sync Tasks +------------------------------------------+ State Finished Start Time 2011-08-30 15:24:36-04:00 Finish Time 2011-08-30 15:24:36-04:00 [root@pulp-f15 ~]# pulp-admin auth disable_global_repo_auth Global repository authentication disabled [root@pulp-f15 ~]# pulp-admin cds sync --hostname=pulp-cds.usersys.redhat.com Sync for CDS [pulp-cds.usersys.redhat.com] started Use "cds status" to check on the progress [root@pulp-f15 ~]# pulp-admin cds status --hostname=pulp-cds.usersys.redhat.com +------------------------------------------+ CDS Status +------------------------------------------+ Name pulp-cds.usersys.redhat.com Hostname pulp-cds.usersys.redhat.com Description None Cluster None Sync Schedule None Repos None Last Sync 2011-08-30 15:26:17-04:00 Status: Responding Yes Last Heartbeat 2011-08-30 19:26:24.309619+00:00 +------------------------------------------+ Most Recent Sync Tasks +------------------------------------------+ State Finished Start Time 2011-08-30 15:26:17-04:00 Finish Time 2011-08-30 15:26:17-04:00 [root@pulp-f15 ~]#
Pulp v1.0 is released Closed Current Release.