Description of problem: When trying to access protected repository using client certificate, the authentication fails. Version-Release number of selected component (if applicable): pulp-0.0.256-1.f16 mod_wsgi-3.3-1.fc16 How reproducible: Very Steps to Reproduce: 1. set up repos to be protected 2. generate a client certificate to access the repo 3. try accessing repo using that certificate Actual results: 401 - Authorization Required In log: [Mon Jan 09 15:37:27 2012] [error] [client ::1] mod_wsgi (pid=8105): Exception occurred processing WSGI script '/srv/pulp/repo_auth.wsgi'. [Mon Jan 09 15:37:27 2012] [error] [client ::1] Traceback (most recent call last): [Mon Jan 09 15:37:27 2012] [error] [client ::1] File "/srv/pulp/repo_auth.wsgi", line 34, in check_password [Mon Jan 09 15:37:27 2012] [error] [client ::1] authorized = _handle(environ) [Mon Jan 09 15:37:27 2012] [error] [client ::1] File "/srv/pulp/repo_auth.wsgi", line 71, in _handle [Mon Jan 09 15:37:27 2012] [error] [client ::1] result = f(environ) [Mon Jan 09 15:37:27 2012] [error] [client ::1] File "/usr/lib/python2.7/site-packages/pulp/repo_auth/oid_validation.py", line 54, in authenticate [Mon Jan 09 15:37:27 2012] [error] [client ::1] cert_pem = environ["mod_ssl.var_lookup"]("SSL_CLIENT_CERT") [Mon Jan 09 15:37:27 2012] [error] [client ::1] KeyError: 'mod_ssl.var_lookup' Expected results: 200 Additional info: Works with mod_wsgi-3.2-6.pulp, it seems newer version of mod_wsgi in Fedora 16 repo prevents using the version of mod_wsgi in pulp repo.
It breaks basic functionality for Katello on F16.
Fixed in commit 00673c96b1c10585f585783b1b284b2865e77cfa to pulp. Bumped our build of mod_wsgi to 3.3. Removed our patch that we were carrying for the KeyError on httpd shutdown since that's now included in mod_wsgi.
build: 0.259
Guys, the pulp-testing repo has smaller version: http://repos.fedorapeople.org/repos/pulp/pulp/testing/6Server/x86_64/ leading to: Error: Package: pulp-0.0.259-1.el6.noarch (pulp-testing) Requires: mod_wsgi >= 3.3-1.pulp.el6 Available: mod_wsgi-3.2-1.el6.x86_64 (rhel-x86_64-server-6.1.z) mod_wsgi = 3.2-1.el6 Available: mod_wsgi-3.2-6.pulp.el6.x86_64 (pulp-testing) mod_wsgi = 3.2-6.pulp.el6 This blocks katello installer. Please distribute the correct version there (and in the stable later on too). Thanks!
Fedora 15 fails too for the very same reason. Severity urgent - cannot install Katello.
So it is in F16 updates, but not in F15 updates. Katello supports two fedora versions back. James would you mind cherry-picking the change into the F15 as well? http://koji.fedoraproject.org/koji/packageinfo?packageID=5541 For now I created a scratch build for F15: http://koji.fedoraproject.org/koji/taskinfo?taskID=3724750
Hmmm adding updated version in Fedora did not help: Error: Package: pulp-0.0.259-1.fc15.noarch (pulp-testing) Requires: mod_wsgi >= 3.3-1.pulp.fc15 Available: mod_wsgi-3.2-3.fc15.x86_64 (fedora-local) mod_wsgi = 3.2-3.fc15 Available: mod_wsgi-3.2-6.pulp.fc15.x86_64 (pulp) mod_wsgi = 3.2-6.pulp.fc15 Available: mod_wsgi-3.3-1.fc15.x86_64 (fedora-updates-local) mod_wsgi = 3.3-1.fc15 The issue is the "pulp" disttag. Will need to wait for James.
fwiw this is what I saw this morning when installing on rhel61: Error: Package: pulp-0.0.260-1.el6.noarch (pulp-testing) Requires: mod_wsgi >= 3.3-1.pulp.el6 Available: mod_wsgi-3.2-1.el6.x86_64 (rhel-6-server-rpms) mod_wsgi = 3.2-1.el6 Available: mod_wsgi-3.2-6.pulp.el6.x86_64 (pulp) mod_wsgi = 3.2-6.pulp.el6
latest mod_wsgi build didn't get tagged before Friday's QE build. I tagged and redid the QE build (there were no other changes between Friday and this morning). It's fixed and built in the pulp test repos.
verified [root@preethi-el6-pulp ~]# pulp-consumer -u admin -p admin consumer bind --repoid=pulp_f15_x86_64 Successfully subscribed consumer [client1] to repo [pulp_f15_x86_64] [root@preethi-el6-pulp ~]# yum repolist Loaded plugins: product-id, pulp-profile-update, security, subscription-manager Updating certificate-based repositories. pulp_f15_x86_64 | 2.9 kB 00:00 pulp_f15_x86_64/primary_db | 11 kB 00:00 rhel6 | 4.0 kB 00:00 rhel6/primary_db | 3.1 MB 00:02 rhel6_2 | 3.7 kB 00:00 rhel6_2/primary_db | 11 MB 00:03 repo id repo name status epel Extra Packages for Enterprise Linux 6 - x86_64 6,991 pulp-v1-testing Pulp v1 Testing 20 pulp_f15_x86_64 pulp_f15_x86_64 20 rhel6 Red Hat Enterprise Linux 6Server - x86_64 - RHEL6 3,529 rhel6_2 rhel6_2 6,862 repolist: 17,422 [root@preethi-el6-pulp ~]# cat /etc/yum.repos.d/ epel.repo pulp.repo rhel-pulp.repo rhel-source.repo epel-testing.repo redhat.repo rhel-pulp.repo.1 [root@preethi-el6-pulp ~]# cat /etc/yum.repos.d/pulp.repo # # Pulp Repositories # Managed by Pulp client # [rhel6_2] name = rhel6_2 enabled = 1 sslverify = 0 gpgcheck = 0 baseurl = https://preethi.usersys.redhat.com/pulp/repos/content/dist/rhel/rhui/server/6/6Server/x86_64/os [pulp_f15_x86_64] name = pulp_f15_x86_64 enabled = 1 sslverify = 1 gpgcheck = 0 sslcacert = /etc/pki/pulp/client/repo/pulp_f15_x86_64/ca.crt sslclientcert = /etc/pki/pulp/client/repo/pulp_f15_x86_64/client.crt baseurl = https://preethi.usersys.redhat.com/pulp/repos/repos/pulp/pulp/v1/testing/fedora-15/x86_64[root@preethi-el6-pulp ~]#
Pulp v1.0 is released Closed Current Release.
Pulp v1.0 is released.