After an upgrade from F17 to F18, koji-web returns Internal Server Error and kojid will not start.
The Apache log says: [Thu Mar 21 09:43:27.114799 2013] [:error] [pid 16669] InternalError: FATAL: Peer authentication failed for user "koji"
I have verified that /var/lib/pgsql/data/pg_hba.conf contains the correct entries: host koji koji 127.0.0.1/32 trust host koji apache 127.0.0.1/32 trust host koji koji ::1/128 trust host koji apache ::1/128 trust local koji apache trust local koji koji trust
SELinux is in "permissive" mode.
I can login with the koji user and connect with "psql koji" without a problem.
Did something change in F18/koji that I need to fix?
Thanks, Michael
On 03/21/2013 10:47 AM, Michael Cronenworth wrote:
After an upgrade from F17 to F18, koji-web returns Internal Server Error and kojid will not start.
The Apache log says: [Thu Mar 21 09:43:27.114799 2013] [:error] [pid 16669] InternalError: FATAL: Peer authentication failed for user "koji"
I have verified that /var/lib/pgsql/data/pg_hba.conf contains the correct entries: host koji koji 127.0.0.1/32 trust host koji apache 127.0.0.1/32 trust host koji koji ::1/128 trust host koji apache ::1/128 trust local koji apache trust local koji koji trust
SELinux is in "permissive" mode.
I can login with the koji user and connect with "psql koji" without a problem.
Did something change in F18/koji that I need to fix?
Can you psql to the db as the apache user using the same params that are given in your hub.conf?
Both F17 and F18 have koji-1.7.1 in updates. Did anything change in your hub.conf file?
On 03/21/2013 12:09 PM, Mike McLean wrote:
Can you psql to the db as the apache user using the same params that are given in your hub.conf?
No. I found that the order of pg_hba is important. The koji lines were below the default lines. Fixing the order allowed apache to login as koji. The reason for pg_hba to be misconfigured to begin with was the PostgreSQL upgrade from 9.1 (F17) to 9.2 (F18) that recreates a default pg_hba.conf after a conversion.
Both F17 and F18 have koji-1.7.1 in updates. Did anything change in your hub.conf file?
I had not made any changes to hub.conf. I'm using the defaults supplied by your package.
## Basic options ## DBName = koji DBUser = koji #DBHost = db.example.com #DBPass = example_password KojiDir = /mnt/koji
After fixing the pg_hba.conf settings and restarting services I am encountering a new error. I see the same message in attempting to view koji-web or start kojid.
http://fpaste.org/UZYQ/ (the client IP was hand-modified to .999)
The problem is fixed with the attached patch, but I'm not a koji expert so it may not be correct.
The Apache 2.4 update (F18+) requires new parameters in configuration files to allow permission to directories. Your default kojihub.conf is using the Apache 2.2 and lower style of syntax.
Apache 2.2 and lower: Order allow,deny Allow from all Apache 2.4: Require all granted
After the kojihub.conf fix I can access kojiweb.
I still can't start kojid: Mar 21 12:55:36 miracle systemd[1]: Starting SYSV: kojid server... Mar 21 12:55:37 miracle kojid[21275]: Starting kojid: Error: Unable to log in: cannot call sslLogin() via a non-https connection
Still looking...
On 03/21/2013 12:59 PM, Michael Cronenworth wrote:
I still can't start kojid: Mar 21 12:55:36 miracle systemd[1]: Starting SYSV: kojid server... Mar 21 12:55:37 miracle kojid[21275]: Starting kojid: Error: Unable to log in: cannot call sslLogin() via a non-https connection
Still looking...
Google provided the answer: http://stackoverflow.com/questions/15049503/how-do-i-determine-if-my-mod-wsg...
A WSGI 3.4 change that affects koji: https://code.google.com/p/modwsgi/wiki/ChangesInVersion0304
The attached patch fixes the problem and kojid starts. It should be portable across F17+.
buildsys@lists.fedoraproject.org