Hide Forgot
Description of problem: I was hitting the below build failure, which matches what's reported in bug 749088. However after adding the <rootpw> parameter to my template as described in the bz the build failures continued. After some poking I found the problem is due to having changed the conductor admin password -- change it back to "password" and the builds succeed. [root@sideshowbob]# aeolus-image build --target ec2 --template F15.xml /usr/lib/ruby/gems/1.8/gems/activeresource-3.0.10/lib/active_resource/connection.rb:131:in `handle_response': Failed. Response code = 401. Response message = Unauthorized. (ActiveResource::UnauthorizedAccess) from /usr/lib/ruby/gems/1.8/gems/activeresource-3.0.10/lib/active_resource/connection.rb:114:in `request' from /usr/lib/ruby/gems/1.8/gems/activeresource-3.0.10/lib/active_resource/connection.rb:97:in `post' from /usr/lib/ruby/gems/1.8/gems/activeresource-3.0.10/lib/active_resource/connection.rb:217:in `with_auth' from /usr/lib/ruby/gems/1.8/gems/activeresource-3.0.10/lib/active_resource/connection.rb:97:in `post' from /usr/lib/ruby/gems/1.8/gems/activeresource-3.0.10/lib/active_resource/base.rb:1314:in `create_without_notifications' from /usr/lib/ruby/gems/1.8/gems/activeresource-3.0.10/lib/active_resource/observing.rb:11:in `create' from /usr/lib/ruby/gems/1.8/gems/activeresource-3.0.10/lib/active_resource/base.rb:1117:in `save_without_validation' from /usr/lib/ruby/gems/1.8/gems/activeresource-3.0.10/lib/active_resource/validations.rb:87:in `save_without_notifications' from /usr/lib/ruby/gems/1.8/gems/activeresource-3.0.10/lib/active_resource/observing.rb:11:in `save' from /usr/lib/ruby/gems/1.8/gems/activeresource-3.0.10/lib/active_resource/base.rb:1134:in `save!' from /usr/lib/ruby/gems/1.8/gems/aeolus-cli-0.1.0/lib/aeolus_cli/command/build_command.rb:37:in `run' from /usr/lib/ruby/gems/1.8/gems/aeolus-cli-0.1.0/lib/aeolus_cli/command/config_parser.rb:220:in `build' from /usr/lib/ruby/gems/1.8/gems/aeolus-cli-0.1.0/lib/aeolus_cli/command/config_parser.rb:38:in `send' from /usr/lib/ruby/gems/1.8/gems/aeolus-cli-0.1.0/lib/aeolus_cli/command/config_parser.rb:38:in `process' from /usr/lib/ruby/gems/1.8/gems/aeolus-cli-0.1.0/bin/aeolus-image:20 from /usr/bin/aeolus-image:19:in `load' from /usr/bin/aeolus-image:19 Version-Release number of selected component (if applicable): rubygem-aeolus-cli-0.1.0-3.el6 aeolus-conductor-0.5.0-1.el6 How reproducible: always Steps to Reproduce: 1. change conductor admin password 2. run aeolus-image build Actual results: build fails w/ above error Expected results: build succeeds Additional info:
Any aeolus-image command should fail in this case, not just the build commands. The command reads your ~/.aeolus-cli file, which is most likely written with the default admin/password pair the first time it's run. This also seems to tie into the related task for cleaning up error messages -- we should show a helpful error, not raise the 401 response as an exception to the user.
(In reply to comment #1) > The command reads your ~/.aeolus-cli file, which is most likely written with > the default admin/password pair the first time it's run. Yep that was it. Is storing the aeolus admin creds in plaintext just a temporary thing?
Is this bug intended to be private, or can I mark it public? We had a discussion about how to handle the credentials. I think having them in plaintext is preferable to the other obvious choice -- specifying your username and password on the command-line. We may want to do something with OAuth or whatnot.
(In reply to comment #3) > Is this bug intended to be private, or can I mark it public? Just habit (GSS is instructed to open all customer reported bugs as private). I've opened it up. > We had a discussion about how to handle the credentials. I think having them in > plaintext is preferable to the other obvious choice -- specifying your username > and password on the command-line. We may want to do something with OAuth or > whatnot. I'd think storing the admin creds as plaintext would be considered a security issue. Also having to manage the admin password in 2 different places for webui vs. cli is definitely problematic.
Updated the help and man pages documentation to highlight ~/.aeolus-cli config file. commit d721dc07162be97ab53afd58f156b1f2b00983c7 Author: Maros Zatko <mzatko> Date: Wed Nov 23 17:40:05 2011 +0100 added mention of .aeolus-cli into default help With regards to showing plain text passwords. This is only a temporary solution. The longer term plan is for aeolus-cli to access conductor API via OAuth. However, this will not happen for 1.0; simple HTTP authentication will be used and passwords will be stored as plain text in user directory.
d721dc0 in rubygem-aeolus-cli-0.3.0-2
[root@qeblade32 builders]# aeolus Usage: aeolus [image] [subcommand] [general options] [command options] -h, --help Get usage information for this tool URL with credentials to Conductor are set in ~/.aeolus-cli Conductor URL should point to https://<host_where_conductor_runs>/conductor/api [root@qeblade32 builders]# [root@qeblade32 builders]# [root@qeblade32 builders]# [root@qeblade32 builders]# [root@qeblade32 builders]# aeolus-image -h Usage: aeolus-image [list|build|push|import|delete|status] [command options] -h, --help Get usage information for this tool Aeolus Image Commands: list : Lists Aeolus Image Resources build : Builds a new Image push : Pushes an Image to a particular Provider Account import : Imports an existing image delete : Delete an Aeolus Image Resource status : Check the status of a push or build See `aeolus-image <command> -h need to add it aeolus-image
[root@qeblade32 builders]# rpm -qa | grep aeolus aeolus-conductor-doc-0.8.0-5.el6.noarch rubygem-aeolus-cli-0.3.0-3.el6.noarch rubygem-aeolus-image-0.3.0-2.el6.noarch aeolus-all-0.8.0-5.el6.noarch aeolus-configure-2.5.0-4.el6.noarch aeolus-conductor-0.8.0-5.el6.noarch aeolus-conductor-daemons-0.8.0-5.el6.noarch [root@qeblade32 builders]#
Updated help message output to highlight credentials file. commit ade2a901da0777ab5fe3daab610e74f6a2f77de4 Author: Martyn Taylor <mtaylor> Date: Wed Jan 18 10:11:20 2012 +0000 BZ#751212 Added reference to ~/.aeolus-cli in help output
35c46dbd9ace5d008fc35237bcadaf2330feadc8 in rubygem-aeolus-cli-0.3.0-7
[root@hp-xw9300-01 ~]# aeolus-image build --target ec2 --template fedora15.tpl ERROR: Unauthorized => Invalid Credentials, please check ~/.aeolus-cli Verified in rpm -qa|grep aeolus aeolus-conductor-doc-0.8.0-20.el6.noarch aeolus-configure-2.5.0-11.el6.noarch aeolus-conductor-daemons-0.8.0-20.el6.noarch rubygem-aeolus-image-0.3.0-7.el6.noarch aeolus-all-0.8.0-20.el6.noarch aeolus-conductor-0.8.0-20.el6.noarch rubygem-aeolus-cli-0.3.0-7.el6.noarch