Need Koji Server Setup Help

John.Florian at dart.biz John.Florian at dart.biz
Tue Oct 22 14:52:18 UTC 2013 

> From: mikem at redhat.com
> 
> On 10/16/2013 06:28 PM, Michael Cronenworth wrote:
> > John.Florian at dart.biz wrote:
> >> However, if I try the login link on the web page, firefox comes up 
with a
> >> message stating:
> >>
> >> The page isn't redirecting properly
> > 
> > I believe this is a bug in the latest Koji. After Fedora 18 or 19 web
> > login broke for me and I never investigated as to why as I never use 
it.
> > I use the CLI.
> 
> The underlying bug is that koji's check for http vs https was breaking
> on newer versions of mod_wsgi. This was fixed on the hub a while back,
> but for some reason we missed it on the web ui.
> 
> This commit should help:
> https://git.fedorahosted.org/cgit/koji/commit/?
> id=cf01c000a83702ee74de67b2ead3bdef51591093


Thanks Mike!  That indeed seemed to get things going in the right 
direction, but now my login link makes me think I have a certificate error 
of sorts, yet everything looks good to me.  Clicking the login link gets 
me:

==> /var/log/httpd/error_log <==
[Tue Oct 22 09:48:02.669660 2013] [:error] [pid 623] 669 [ERROR] m=login 
u=None p=623 r=10.1.0.158:34806 koji.web: Traceback (most recent call 
last):
[Tue Oct 22 09:48:02.669694 2013] [:error] [pid 623]   File 
"/usr/share/koji-web/scripts/wsgi_publisher.py", line 368, in 
handle_request
[Tue Oct 22 09:48:02.669702 2013] [:error] [pid 623]     result = 
func(environ, **data)
[Tue Oct 22 09:48:02.669707 2013] [:error] [pid 623]   File 
"/usr/share/koji-web/scripts/index.py", line 237, in login
[Tue Oct 22 09:48:02.669713 2013] [:error] [pid 623]     if not 
_sslLogin(environ, session, username):
[Tue Oct 22 09:48:02.669717 2013] [:error] [pid 623]   File 
"/usr/share/koji-web/scripts/index.py", line 125, in _sslLogin
[Tue Oct 22 09:48:02.669722 2013] [:error] [pid 623] proxyuser=username)
[Tue Oct 22 09:48:02.669727 2013] [:error] [pid 623]   File 
"/usr/lib/python2.7/site-packages/koji/__init__.py", line 1726, in 
ssl_login
[Tue Oct 22 09:48:02.669732 2013] [:error] [pid 623]     sinfo = 
self.callMethod('sslLogin', proxyuser)
[Tue Oct 22 09:48:02.669746 2013] [:error] [pid 623]   File 
"/usr/lib/python2.7/site-packages/koji/__init__.py", line 1775, in 
callMethod
[Tue Oct 22 09:48:02.669752 2013] [:error] [pid 623]     return 
self._callMethod(name, args, opts)
[Tue Oct 22 09:48:02.669757 2013] [:error] [pid 623]   File 
"/usr/lib/python2.7/site-packages/koji/__init__.py", line 1914, in 
_callMethod
[Tue Oct 22 09:48:02.669761 2013] [:error] [pid 623]     raise err
[Tue Oct 22 09:48:02.669766 2013] [:error] [pid 623] AuthError: 
CN=mdct-koji.dartcontainer.com,OU=kojiweb,O=Dart Container 
Corp.,ST=Michigan,C=US is not authorized to login other users

My setup is as follows:

# grep ProxyDNs /etc/koji-hub/hub.conf
ProxyDNs = /C=US/ST=Michigan/O=Dart Container 
Corp./OU=kojiweb/CN=mdct-koji.dartcontainer.com

# grep WebCert /etc/kojiweb/web.conf
WebCert = /etc/pki/koji/kojiweb.pem

# grep Subject: /etc/pki/koji/kojiweb.pem
        Subject: C=US, ST=Michigan, O=Dart Container Corp., OU=kojiweb, 
CN=mdct-koji.dartcontainer.com

... and just for giggles ...

# grep kojiweb /etc/pki/koji/index.txt
V       231014202129Z           03      unknown /C=US/ST=Michigan/O=Dart 
Container Corp./OU=kojiweb/CN=mdct-koji.dartcontainer.com


Did I miss something here or is there another bug beyond the one resolved 
by the patch you provided?
--
John Florian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/buildsys/attachments/20131022/afcb6361/attachment.html>

More information about the buildsys mailing list