968847 – log-delete only supports kerberos authentication for remote log deletion

Bug 968847 - log-delete only supports kerberos authentication for remote log deletion

Summary: log-delete only supports kerberos authentication for remote log deletion

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Beaker
Classification:	Retired
Component:	lab controller
Sub Component:
Version:	0.12
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	0.15.2
Assignee:	Raymond Mancy
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-05-30 06:10 UTC by Raymond Mancy
Modified:	2018-02-06 00:41 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2013-12-19 07:04:08 UTC
Embargoed:

Attachments	(Terms of Use)

Description Raymond Mancy 2013-05-30 06:10:59 UTC

Description of problem:

log-delete hardcodes the use of krb authentication when deleting.
For Beaker instances that do not use krb, this is a problem.

Version-Release number of selected component (if applicable):

0.12

How reproducible:

Always

Steps to Reproduce:
1. Set up an archive server
2. Run log delete against that archive server
3.

Actual results:

It will not work if you are not using krb auth.

Expected results:

Configurable to use other auth methods (i.e basic)

Additional info:

Comment 1 Nick Coghlan 2013-10-01 07:35:21 UTC

On Gerrit: http://gerrit.beaker-project.org/2304

Comment 3 Nick Coghlan 2013-11-27 06:16:18 UTC

The patch was prepared against the 0.15 branch, and rather than trying to backport it, we'll just include this in 0.15.2 rather than 0.14.4.

Comment 5 Raymond Mancy 2013-12-10 10:16:53 UTC

Sure. Have a look at the changes made as part of this patch. http://gerrit.beaker-project.org/#/c/2602/

One is adding the required config entries to beaker, and the other is configuring apache.

After both apache and beaker have been updated (and restarted) I would run beaker-log-delete --verbose --dry-run to see if there are any logs ready to be deleted. If not, then delete a job (and then run beaker-log-delete --dry-run --verbose again to ensure that the logs you expect it to be deleted have been found). 

Then run it without the --dry-run arg and it should delete some logs. If there are problems, check the apache error logs. If there appear to be no problems, check that the files no longer are on disk.

Comment 6 Nick Coghlan 2013-12-12 05:41:19 UTC

Just some additional notes regarding verification for this patch:

While the problem was initially noted in the context of setting up an archive server, it is equally applicable to a lab where the logs are hosted locally on the lab controller, but Apache is configured to use basic digest auth rather than Kerberos (previously the log-delete script only supported Kerberos authentication, this change updated it to also support digest auth).

So the original "steps to reproduce" isn't right, as the important part isn't setting up an archive server, it's configuring the Apache instance hosting the logs (whether that's on the lab controller or on a separate archive server) to use digest auth rather than Kerberos.

Comment 8 Amit Saha 2013-12-19 07:04:08 UTC

Release announcement: https://lists.fedorahosted.org/pipermail/beaker-devel/2013-December/000923.html

Note You need to log in before you can comment on or make changes to this bug.