Need Koji Server Setup Help

Mike Bonnet mikeb at redhat.com
Tue Oct 22 16:10:13 UTC 2013


On 10/22/13 7:52 AM, John.Florian at dart.biz wrote:
>  > From: mikem at redhat.com
>  >
>  > On 10/16/2013 06:28 PM, Michael Cronenworth wrote:
>  > > John.Florian at dart.biz wrote:
>  > >> However, if I try the login link on the web page, firefox comes up with a
>  > >> message stating:
>  > >>
>  > >> The page isn't redirecting properly
>  > >
>  > > I believe this is a bug in the latest Koji. After Fedora 18 or 19 web
>  > > login broke for me and I never investigated as to why as I never use it.
>  > > I use the CLI.
>  >
>  > The underlying bug is that koji's check for http vs https was breaking
>  > on newer versions of mod_wsgi. This was fixed on the hub a while back,
>  > but for some reason we missed it on the web ui.
>  >
>  > This commit should help:
>  > https://git.fedorahosted.org/cgit/koji/commit/?id=cf01c000a83702ee74de67b2ead3bdef51591093
>
>
> Thanks Mike!  That indeed seemed to get things going in the right
> direction, but now my login link makes me think I have a certificate
> error of sorts, yet everything looks good to me.  Clicking the login
> link gets me:
>
> ==> /var/log/httpd/error_log <==
> [Tue Oct 22 09:48:02.669660 2013] [:error] [pid 623] 669 [ERROR] m=login
> u=None p=623 r=10.1.0.158:34806 koji.web: Traceback (most recent call
> last):
> [Tue Oct 22 09:48:02.669694 2013] [:error] [pid 623]   File
> "/usr/share/koji-web/scripts/wsgi_publisher.py", line 368, in
> handle_request
> [Tue Oct 22 09:48:02.669702 2013] [:error] [pid 623]     result =
> func(environ, **data)
> [Tue Oct 22 09:48:02.669707 2013] [:error] [pid 623]   File
> "/usr/share/koji-web/scripts/index.py", line 237, in login
> [Tue Oct 22 09:48:02.669713 2013] [:error] [pid 623]     if not
> _sslLogin(environ, session, username):
> [Tue Oct 22 09:48:02.669717 2013] [:error] [pid 623]   File
> "/usr/share/koji-web/scripts/index.py", line 125, in _sslLogin
> [Tue Oct 22 09:48:02.669722 2013] [:error] [pid 623]
> proxyuser=username)
> [Tue Oct 22 09:48:02.669727 2013] [:error] [pid 623]   File
> "/usr/lib/python2.7/site-packages/koji/__init__.py", line 1726, in
> ssl_login
> [Tue Oct 22 09:48:02.669732 2013] [:error] [pid 623]     sinfo =
> self.callMethod('sslLogin', proxyuser)
> [Tue Oct 22 09:48:02.669746 2013] [:error] [pid 623]   File
> "/usr/lib/python2.7/site-packages/koji/__init__.py", line 1775, in
> callMethod
> [Tue Oct 22 09:48:02.669752 2013] [:error] [pid 623]     return
> self._callMethod(name, args, opts)
> [Tue Oct 22 09:48:02.669757 2013] [:error] [pid 623]   File
> "/usr/lib/python2.7/site-packages/koji/__init__.py", line 1914, in
> _callMethod
> [Tue Oct 22 09:48:02.669761 2013] [:error] [pid 623]     raise err
> [Tue Oct 22 09:48:02.669766 2013] [:error] [pid 623] AuthError:
> CN=mdct-koji.dartcontainer.com,OU=kojiweb,O=Dart Container
> Corp.,ST=Michigan,C=US is not authorized to login other users
>
> My setup is as follows:
>
> # grep ProxyDNs /etc/koji-hub/hub.conf
> ProxyDNs = /C=US/ST=Michigan/O=Dart Container
> Corp./OU=kojiweb/CN=mdct-koji.dartcontainer.com

This looks like a change in the format mod_ssl uses for the 
SSL_CLIENT_S_DN variable.  If you change the ProxyDNs entry to match the 
DN printed in the backtrace, it should fix the problem.

> # grep WebCert /etc/kojiweb/web.conf
> WebCert = /etc/pki/koji/kojiweb.pem
>
> # grep Subject: /etc/pki/koji/kojiweb.pem
>          Subject: C=US, ST=Michigan, O=Dart Container Corp., OU=kojiweb,
> CN=mdct-koji.dartcontainer.com
>
> ... and just for giggles ...
>
> # grep kojiweb /etc/pki/koji/index.txt
> V       231014202129Z           03      unknown /C=US/ST=Michigan/O=Dart
> Container Corp./OU=kojiweb/CN=mdct-koji.dartcontainer.com
>
>
> Did I miss something here or is there another bug beyond the one
> resolved by the patch you provided?
> --
> John Florian
>
>
>
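
The mismatch described in the reply above, as an added example that is not part of the original thread or of koji's code: the ProxyDNs value and the DN in the AuthError carry the same attributes, one slash-separated and most-general first, the other comma-separated and most-specific first, so an exact string comparison between them fails. The helper names are hypothetical; the two DN strings are taken from the message with the mail line wraps joined.

```python
import re

# Both strings come from the thread above (line wraps joined).
HUB_CONF_DN = ("/C=US/ST=Michigan/O=Dart Container Corp."
               "/OU=kojiweb/CN=mdct-koji.dartcontainer.com")
TRACEBACK_DN = ("CN=mdct-koji.dartcontainer.com,OU=kojiweb,"
                "O=Dart Container Corp.,ST=Michigan,C=US")

def parse_slash_dn(dn):
    """'/C=US/.../CN=host' -> [(attr, value), ...], most-general first."""
    if not dn.startswith("/"):
        raise ValueError("not a slash-separated DN: %r" % dn)
    # Split only on a '/' that begins a new 'ATTR=', so a '/' inside a
    # value does not start a bogus component.
    parts = re.split(r"/(?=[A-Za-z][A-Za-z0-9.]*=)", dn[1:])
    return [(a.upper(), v) for a, v in (p.split("=", 1) for p in parts)]

def parse_comma_dn(dn):
    """'CN=host,...,C=US' -> [(attr, value), ...], most-general first."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):      # split on unescaped commas
        attr, value = part.lstrip().split("=", 1)
        rdns.append((attr.upper(), re.sub(r"\\(.)", r"\1", value)))
    rdns.reverse()                              # undo most-specific-first order
    return rdns

def normalise(dn):
    """Return the ordered attribute list for either notation."""
    return parse_slash_dn(dn) if dn.startswith("/") else parse_comma_dn(dn)

def same_subject(dn_a, dn_b):
    """True when both strings name the same subject, whatever the notation."""
    return normalise(dn_a) == normalise(dn_b)

def to_comma_dn(slash_dn):
    """Rewrite a slash-separated DN in the comma-separated, reversed form."""
    def esc(value):
        return re.sub(r'([,+"\\<>;])', r"\\\1", value)
    return ",".join("%s=%s" % (a, esc(v))
                    for a, v in reversed(parse_slash_dn(slash_dn)))

if __name__ == "__main__":
    print("exact string match:", HUB_CONF_DN == TRACEBACK_DN)
    print("same subject:      ", same_subject(HUB_CONF_DN, TRACEBACK_DN))
    print("comma-separated form of the ProxyDNs value:")
    print(to_comma_dn(HUB_CONF_DN))
```
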


