Okay. Wow, looks like I hit the jackpot, as I had just about every one
of these issues going on.
For future (searchable) reference...
I had a long-forgotten Proxy config block in the main httpd.conf. Not
only was this set to "Deny from all"
and allowing only from my domain (i.e., excluding localhost!), but I
also had a useless virtual host directive muddying
things up.
Once I took those things out, I was still getting 403 Forbidden, but the
error log message in httpd had changed to:
proxy: No protocol andler was valid for the URL /cobbler_api_rw.
I was using a shared object version of mod_proxy, so I loaded up
mod_proxy_http and mod_proxy_connect ... now the two
daemons are talking to one another. The web UI is now fully
operational.
Thanks for all your help, Michael!
-----Original Message-----
From: cobbler-bounces(a)lists.fedorahosted.org
[mailto:cobbler-bounces@lists.fedorahosted.org] On Behalf Of Michael
DeHaan
Sent: Monday, October 20, 2008 7:09 AM
To: cobbler mailing list
Subject: Re: 1.2.8 cobbler webUI <-> cobblerd issue
Steven Wagner wrote:
4. I tried uninstalling and reinstalling from the SRPM-based local
RPM at one point to try to address this issue, but got complacent and
"reinstalled" a pre-0.7.0 version through an old yum repository. I
eventually figured this out and erased the main cobbler directories
(/var/lib/cobbler and /etc/cobbler) to start over fresh.
FYI -- downgrades aren't "supported" as new config file elements are
added and/or changed. Restoring your config from a backup, etc, would
work but keep in mind there are different config files and changes in
config files. We do ensure that upgrades work, of course.
5. This box is not running selinux.
6. I didn't find any "localhost" (or, for that matter, any
"any")
values to replace in the cobbler config trees. I did, however, find
and run demo_connect.py against localhost, u: testing p:
testing ... and it worked.
This is a good sign.
Based on that, I think the problem must be somewhere in the Apache
(2.2.6) reverse proxy config, which is straight from the source RPM.
For some reason, I am not seeing any useful logging info out of Apache
and/or mod_proxy...
If you look in demo_connect.py you will see it connects to:
sp = ServerProxy("http://127.0.0.1:25152")
If you change this to:
sp = ServerProxy("http://127.0.0.1/cobbler_api_rw")
You are now going through Apache.
That may be easier than doing tests through the webapp as you
investigate your Apache config.
The Apache config files have:
ProxyPass /cobbler_api
http://localhost:25151/ ProxyPassReverse
/cobbler_api
http://localhost:25151/
ProxyPass /cobbler_api_rw
http://localhost:25152/ ProxyPassReverse
/cobbler_api_rw
http://localhost:25152/
Occasionally folks have problems with the "localhost" and need to change
this to 127.0.0.1
Also if you have done any major changes to your main Apache
configuration file, or have enabled vhosts, this may be a factor.
If Apache virtual hosts are turned on, everything must be a virtual
host, which will break cobbler's stock configuration (and you'll have to
modify it).
--Michael
-----Original Message-----
From: cobbler-bounces(a)lists.fedorahosted.org
[mailto:cobbler-bounces@lists.fedorahosted.org] On Behalf Of Michael
DeHaan
Sent: Friday, October 17, 2008 3:40 PM
To: cobbler mailing list
Subject: Re: 1.2.8 cobbler webUI <-> cobblerd issue
Steven Wagner wrote:
> Hi list!
>
> I'm looking at overhauling an existing PXE-based provisioning system
> for a blend of older Fedora servers and some CentOS development
> machines. I installed cobbler from the 1.2.8 source RPM a couple
> days
>
> ago and I'm having some trouble getting the web UI to authenticate to
> cobblerd. I can authenticate as far as Apache is concerned, but
as
> soon as I click on a link in the UI that requires an XMLRPC call, I
> get an exception that turns out to be
> "403: Forbidden."
>
>
(1) Where did you get the source RPM? Arch-specific src rpms out of
the build system have been known to cause problems. The one of my
fedorapeople page is not known to.
(2) For starters, Is "cobbler check" showing no signs of anything you
need to fix?
(3) How about sharing the relevant authn and authz sections of your
"/etc/cobbler/modules.conf" file?
(4) Is this install perhaps an upgrade from a much older version of
Cobbler? If so, that may cause problems and you should revisit
https://fedorahosted.org/cobbler/wiki/CobblerWebInterface
(5) selinux booleans can prevent connections. Cobbler check will
report on these.
(6) Try changing the any cobbler XMLRPC addresses in the Cobbler
config from localhost to 127.0.0.1, it may be that localhost does not
resolve.
> I've tried restarting both daemons, switching authentication methods
>
to
> something besides digest (didn't help).
>
>
authn_testing allows "testing/testing" ? That does not work?
Is your Apache configuration in any way modified from a stock install?
This is rather important as depending on setup options this can cause
problems.
> The user is listed as an admin group member in the authorization
> group config file. cobblerd doesn't seem to be logging output to
> /var/log/cobbler/cobblerd.log, even if I
>
uncomment
> all the debug log info at the top of
> cobblerd.
>
>
>
It's /var/log/cobbler/cobbler.log, the daemon does not have it's own
log.
> I also poked around in my Apache httpd configs, but didn't see
>
anything
> immediately off - the cobbler.conf is from the cobbler distribution,
> and authentication works as far as Apache
>
and
> mod_python are concerned.
>
> Does anyone have any ideas on how/where I can fix this? Cobbler's
>
main
> functionality seems to be okay, but I'd really like to get the web UI
> working before I go any further.
>
>
>
Sure... take a shot at the above and we can perhaps dive further
depending on answers...
It's probably something simple.
> Any help would be appreciated. Thanks!
>
> -steve
> _______________________________________________
> cobbler mailing list
> cobbler(a)lists.fedorahosted.org
>
https://fedorahosted.org/mailman/listinfo/cobbler
>
>
_______________________________________________
cobbler mailing list
cobbler(a)lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/cobbler
_______________________________________________
cobbler mailing list
cobbler(a)lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/cobbler
_______________________________________________
cobbler mailing list
cobbler(a)lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/cobbler