Hello,
I am currently working on deploying a small build system based on mock/koji
The system is very simple, just one server hosting the builds and koji (another buidl system may be added later, but that is not the issue at thje present time).
I am having some troubles deploying koji. The only document I have found is the ServerHowTo (http://fedoraproject.org/wiki/Koji/ServerHowTo). I retrieved the koji, koji-hub, koji-web and koji-utils packages and installd them successfully on my server.
I configured koji to use SSL following the guidelines. Not being a SSL expert, I think I did not do any error, but it was tricky since filenames change between the certificate creation section and the kojihub/kojweb/kojid configuration sections. and I configured all 4 servers (kojihub, kojiweb, kojira, kojid) to be hosted on the same server, named murray.
However, when I try to use koji, I get the following error:
[koji@murray ~]$ koji add-user userTest Kerberos authentication failed: 'No credentials cache found' (-1765328189) [koji@murray ~]$
I have modified the /etc/koji.conf (though it is not mentioned in the How To) as follows, to ensure it will use SSL:
[root@murray ~]# more /etc/koji.conf [koji] ;configuration for koji cli tool ;url of XMLRPC server server = http://murray.mysite.hp.com/kojihub ;url of web interface weburl = http://murray.mysite.hp.com/koji ;url of package download site pkgurl = http://murray.mysite.hp.com/packages ;path to the koji top directory topdir = /mnt/koji ;configuration for SSL athentication ;client certificate cert = /etc/kojiweb/clients/certs/koji.cert ;certificate of the CA that issued the client certificate ca = /etc/kojiweb/clients/koji_ca_cert.crt ;certificate of the CA that issued the HTTP server certificate serverca = /etc/kojiweb/clients/koji_ca_cert.crt
koji_ca_cert.crt being the ca certificate I generated and koji.cert a certificate I generated for the koji user. This is my first problem. Can anyone help me on this ?
My other problem is with the servers. I configured my apache and started it to have the kojihub and kojiweb started. I then want to perform some add--user, add-host commands. But I get the message "unable to connect to server".
[root@murray ~]# koji --noauth add-host murray.mysite.hp.com i386 x86_64 Error: Unable to connect to server
With the following logs from httpd: [Thu Nov 15 10:28:51 2007] [error] [client X.X.X.X] PythonHandler kojixmlrpc: Traceback (most recent call last): [Thu Nov 15 10:28:51 2007] [error] [client X.X.X.X] PythonHandler kojixmlrpc: File "/usr/lib/python2.4/site-packages/mod_python/apache.py", line 299, in HandlerDispatch\n result = object(req) [Thu Nov 15 10:28:51 2007] [error] [client X.X.X.X] PythonHandler kojixmlrpc: File "/usr/share/koji-hub/kojixmlrpc.py", line 278, in handler\n context.cnx = koji.db.connect(opts.get("KojiDebug",False)) [Thu Nov 15 10:28:51 2007] [error] [client X.X.X.X] PythonHandler kojixmlrpc: File "/usr/lib/python2.4/site-packages/koji/db.py", line 128, in connect\n conn = pgdb.connect(**opts) [Thu Nov 15 10:28:51 2007] [error] [client X.X.X.X] PythonHandler kojixmlrpc: File "/usr/lib/python2.4/site-packages/pgdb.py", line 383, in connect\n dbtty, dbuser, dbpasswd) [Thu Nov 15 10:28:51 2007] [error] [client X.X.X.X] PythonHandler kojixmlrpc: InternalError: could not connect to server: Connection refused\n\tIs the server running on host "murray.mysite.hp.com" and accepting\n\tTCP/IP connections on port 5432?\n
Do you know what it comes from ?
I can supply my other conf files, if needed. But I strictly followed the Howto nstructions for the configuration files.
Reagrds, Guillaume Degremont
PS: for security related reasons, I replaced the ipaddress with X.X.X.X and changed the hostname and fully qualified domain name with dummy ones ^^
On Nov 15, 2007, at 10:17 AM, Degremont, Guillaume wrote:
I am having some troubles deploying koji. The only document I have found is the ServerHowTo (http://fedoraproject.org/wiki/Koji/ServerHowTo ).
Guillaume,
I completely feel your pain, the first time I tried to setup Koji was a bit of hell due to the lack of documentation and proper 'howtos'. I haven't been using Koji for a while, and have only installed it twice so please excuse any ignorance on my part.
That said:
However, when I try to use koji, I get the following error:
[koji@murray ~]$ koji add-user userTest Kerberos authentication failed: 'No credentials cache found' (-1765328189) [koji@murray ~]$
In the HowTo, did you follow the steps about creating the users/ passwords in PostGreSQL database directly, and getting PostGreSQL up and running? Last I used Koji the utilities did not handle adding users, so those operations have do be done via SQL within PostGres.
I have modified the /etc/koji.conf (though it is not mentioned in the How To) as follows, to ensure it will use SSL:
[root@murray ~]# more /etc/koji.conf [koji] ;configuration for koji cli tool ;url of XMLRPC server server = http://murray.mysite.hp.com/kojihub ...
Being that it is SSL, shouldn't these url addresses start with https:// rather than http://? Again, forgive me as I haven't setup Koji in a long time.
My other problem is with the servers. I configured my apache and started it to have the kojihub and kojiweb started. I then want to perform some add--user, add-host commands. But I get the message "unable to connect to server".
1) I know you mentioned that the w.x.y.z IP Addresses were replaced here in your email with dummy ones, same for hostnames. However, being that you are running everything on the same box, you may wish to consider using 'localhost'. For one, if this server is NATd or behind a firefall (on private IPs) then using the real IP/Hostname may not work for you. It would be best to use localhost, or the Primary IP that is configured on ETH0. Additionally, if you are using hostnames you want to verify that the hostname is resolving to the IP that is configured on the NIC (not necessary the IP that the hostname should point to publicly). Meaning if you are on a private network ensure that /etc/hosts is configured properly.
[root@murray ~]# koji --noauth add-host murray.mysite.hp.com i386 x86_64 Error: Unable to connect to server
With the following logs from httpd: [Thu Nov 15 10:28:51 2007] [error] [client X.X.X.X] PythonHandler kojixmlrpc: Traceback (most recent call last): [Thu Nov 15 10:28:51 2007] [error] [client X.X.X.X] PythonHandler kojixmlrpc: File "/usr/lib/python2.4/site-packages/mod_python/ apache.py", line 299, in HandlerDispatch\n result = object(req) [Thu Nov 15 10:28:51 2007] [error] [client X.X.X.X] PythonHandler kojixmlrpc: File "/usr/share/koji-hub/kojixmlrpc.py", line 278, in handler\n context.cnx = koji.db.connect(opts.get("KojiDebug",False)) [Thu Nov 15 10:28:51 2007] [error] [client X.X.X.X] PythonHandler kojixmlrpc: File "/usr/lib/python2.4/site-packages/koji/db.py", line 128, in connect\n conn = pgdb.connect(**opts) [Thu Nov 15 10:28:51 2007] [error] [client X.X.X.X] PythonHandler kojixmlrpc: File "/usr/lib/python2.4/site-packages/pgdb.py", line 383, in connect\n dbtty, dbuser, dbpasswd) [Thu Nov 15 10:28:51 2007] [error] [client X.X.X.X] PythonHandler kojixmlrpc: InternalError: could not connect to server: Connection refused\n\tIs the server running on host "murray.mysite.hp.com" and accepting\n\tTCP/IP connections on port 5432?\n
Do you know what it comes from ?
Looking at the apache log entries it really looks like the issue is with the PostGreSQL server. Note the last log entry:
[Thu Nov 15 10:28:51 2007] [error] [client X.X.X.X] PythonHandler kojixmlrpc: InternalError: could not connect to server: Connection refused\n\tIs the server running on host "murray.mysite.hp.com" and accepting\n\tTCP/IP connections on port 5432?\n
Can you verify that PostGreSQL is running on host 'murrar.mysite.hp.com' (and that the address is resolvable and accessible just as stated.... meaning from the box that is running the web frontends, can you ping the server (this goes back to the last stuff I was mentioning about 'localhost' etc.
Good luck.
BJ
buildsys@lists.fedoraproject.org