Hi:
I'm using CentOS 5.2 for my Koji server, but now I have a problem with Koji
CLI auth.
According to the wiki document at
http://fedoraproject.org/wiki/Koji/ServerHowTo , I set up my
Koji-hub, Koji-web and postgresql, and have a Koji web interface.
I also set up my CA center and configured
kojiweb.conf, kojihub.conf and /etc/koji.conf.
But when I execute the koji command with no username and password, the
message is:
Error: [('PEM routines', 'PEM_read_bio', 'no start line'),
('SSL routines', 'SSL_CTX_use_PrivateKey_file', 'PEM lib')]
Why?
Thanks.

/etc/koji.conf:
[koji]
;configuration for koji cli tool
;url of XMLRPC server
;server = http://koji.fedoraproject.org/kojihub
server = http://koji.ossii.com.tw/kojihub
;url of web interface
;weburl = http://koji.fedoraproject.org/koji
weburl = http://koji.ossii.com.tw/koji
;url of package download site
;pkgurl = http://koji.fedoraproject.org/packages
pkgurl = http://koji.ossii.com.tw/packages
;path to the koji top directory
topdir = /mnt/koji
;configuration for SSL authentication
;client certificate
;cert = ~/.fedora.cert
cert = /etc/kojid/kojiadmin.crt
;certificate of the CA that issued the client certificate
;ca = ~/.fedora-upload-ca.cert
ca = /etc/kojid/kojiadmin.key
;certificate of the CA that issued the HTTP server certificate
;serverca = ~/.fedora-server-ca.cert
serverca = /etc/httpd/conf.d/ssl/ossiikojica.crt

kojihub.conf:
<Directory /usr/share/koji-hub>
    SetHandler mod_python
    PythonHandler kojixmlrpc
    PythonOption DBName koji
    PythonOption DBUser kevin
    PythonOption DBHost 127.0.0.1
    PythonOption KojiDir /mnt/koji
    # Kerberos auth configuration
    # PythonOption AuthPrincipal kojihub@EXAMPLE.COM
    # PythonOption AuthKeytab /etc/koji.keytab
    # PythonOption ProxyPrincipals kojihub@EXAMPLE.COM
    # format string for host principals (%s = hostname)
    # PythonOption HostPrincipalFormat compile/%s@EXAMPLE.COM
    # end Kerberos auth configuration
    # SSL client certificate auth configuration
    # the client username is the common name of the subject of their client certificate
    PythonOption DNUsernameComponent CN
    # separate multiple DNs with |
    # PythonOption ProxyDNs "/C=US/ST=Massachusetts/O=Example Org/OU=Example User/CN=example/emailAddress=example@example.com"
    PythonOption ProxyDNs "/C=TW/ST=Taiwan/O=OSSII/OU=Koji Hub Server/CN=OSSII Koji Server CA/emailAddress=kevin.lin@ossii.com.tw"
    # end SSL client certificate auth configuration
    PythonOption LoginCreatesUser On
    PythonOption KojiWebURL http://koji.ossii.com.tw/koji
    # The domain name that will be appended to Koji usernames
    # when creating email notifications
    PythonOption EmailDomain example.com
    # PythonOption KojiDebug On
    # PythonOption KojiTraceback "extended"
    # sending tracebacks to the client isn't very helpful for debugging xmlrpc
    PythonDebug Off
    # autoreload is mostly useless to us (it would only reload kojixmlrpc.py)
    PythonAutoReload Off
</Directory>
# uncomment this to enable authentication via SSL client certificates
<Location /kojihub>
    SSLOptions +StdEnvVars
</Location>
# these options must be enabled globally (in ssl.conf)
SSLVerifyClient require
SSLVerifyDepth 10

kojiweb.conf:
Alias /koji "/usr/share/koji-web/scripts/"
<Directory "/usr/share/koji-web/scripts/">
    # Config for the publisher handler
    SetHandler mod_python
    PythonHandler mod_python.publisher
    # General settings
    PythonDebug On
    PythonOption KojiHubURL http://koji.ossii.com.tw/kojihub
    PythonOption KojiWebURL http://koji.ossii.com.tw/koji
    PythonOption KojiPackagesURL http://koji.ossii.com.tw/koji/packages
    PythonOption WebPrincipal koji/kevin.lin@ossii.com.tw
    PythonOption WebKeytab /etc/httpd.keytab
    PythonOption WebCCache /var/tmp/kojiweb.ccache
    PythonOption WebCert /etc/httpd/conf.d/ssl/kojiweb.crt
    PythonOption ClientCA /etc/httpd/conf.d/ssl/kojiweb.key
    PythonOption KojiHubCA /etc/httpd/conf.d/ssl/ossiikojica.crt
    PythonOption LoginTimeout 72
    # This must be changed before deployment
    PythonOption Secret CHANGE_ME
    PythonPath "sys.path + ['/usr/share/koji-web/lib']"
    PythonCleanupHandler kojiweb.handlers::cleanup
    PythonAutoReload Off
</Directory>
<Location /koji/login>
    SSLOptions +StdEnvVars
</Location>
# these options must be enabled globally (in ssl.conf)
SSLVerifyClient require
SSLVerifyDepth 10
Alias /koji-static/ "/usr/share/koji-web/static/"
<Directory "/usr/share/koji-web/static/">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

ssl.conf:
SSLCertificateFile /etc/httpd/conf.d/ssl/kojihub.crt
SSLCertificateKeyFile /etc/httpd/conf.d/ssl/kojihub.key
SSLCACertificateFile /etc/httpd/conf.d/ssl/ossiikojica.crt
SSLVerifyClient require
SSLVerifyDepth 10
--
=============================================================================
林毓能
Linul
RedHat Certified Engineer
TsLG Network Studio: http://www.tslg.idv.tw
TsLG City Afternoon: http://blog.tslg.idv.tw
Linul Photo Documentary: http://photo.tslg.idv.tw
Mobile: 0939797462
E-mail : kevin.linul(a)gmail.com; linul(a)tslg.idv.tw
=============================================================================
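
An added example, not part of the original post: a Python check of the three SSL options in the posted /etc/koji.conf against the PEM block types found in the files they name. OpenSSL reports 'no start line' from SSL_CTX_use_PrivateKey_file when the file it is handed contains no PEM private-key block. The function names, the constructed file contents, and the assumption that the client key is read from the same file as `cert` belong to this example, not to the post.

```python
import configparser
import os
import re

PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)
# option -> must the file hold a private key? Assumption: the CLI reads the
# client key from the same file as `cert` (koji.conf has no separate key option).
NEEDS_KEY = {"cert": True, "ca": False, "serverca": False}

def read_from_disk(path):
    with open(os.path.expanduser(path), errors="replace") as fh:
        return fh.read()

def check_koji_conf(conf_text, read_file=read_from_disk):
    """List mismatches between [koji] SSL options and the PEM files they name."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    problems = []
    for option, needs_key in NEEDS_KEY.items():
        path = parser.get("koji", option, fallback=None)
        if not path:
            problems.append(f"{option}: not set")
            continue
        try:
            labels = PEM_BEGIN.findall(read_file(path))  # e.g. ['CERTIFICATE']
        except OSError as exc:
            problems.append(f"{option}: cannot read {path}: {exc}")
            continue
        has_key = any(label.endswith("PRIVATE KEY") for label in labels)
        if "CERTIFICATE" not in labels:
            problems.append(f"{option}: {path} has no CERTIFICATE block")
        if needs_key and not has_key:
            problems.append(f"{option}: {path} has no PRIVATE KEY block")
        if has_key and not needs_key:
            problems.append(f"{option}: {path} holds a private key")
    return problems

# Constructed sample: option values from the post, file contents assumed.
SAMPLE_CONF = """[koji]
cert = /etc/kojid/kojiadmin.crt
ca = /etc/kojid/kojiadmin.key
serverca = /etc/httpd/conf.d/ssl/ossiikojica.crt
"""
CERT = "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"
KEY = "-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_FILES = {"/etc/kojid/kojiadmin.crt": CERT, "/etc/kojid/kojiadmin.key": KEY,
                "/etc/httpd/conf.d/ssl/ossiikojica.crt": CERT}
```

To check a real installation, call `check_koji_conf(open("/etc/koji.conf").read())`, which reads the referenced files from disk.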