Me & my team were trying to set up Koji on Local server. We followed the guide https://docs.pagure.org/koji/server_howto/ We followed SSL Authentication.
We are constantly getting an error message after we type "koji moshimoshi"
2023-03-06 11:03:10,150 [ERROR] koji: (gssapi auth failed: requests.exceptions.SSLError: HTTPSConnectionPool(host='koji.fedoraproject.org', port=443): Max retries exceeded with url: /kojihub/ssllogin (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)')))) Use following documentation to debug kerberos/gssapi auth issues. https://docs.pagure.org/koji/kerberos_gssapi_debug/
Can anyone please guide us on how to solve the issue? We've tried multiple resources but none seemed to work. Any help would be appreciated.
On Mon, Mar 6, 2023 at 9:23 AM Tanvi Sheth tanshvi@gmail.com wrote:
> Me & my team were trying to set up Koji on Local server. We followed the guide https://docs.pagure.org/koji/server_howto/ We followed SSL Authentication.
> We are constantly getting an error message after we type "koji moshimoshi"
> 2023-03-06 11:03:10,150 [ERROR] koji: (gssapi auth failed: requests.exceptions.SSLError: HTTPSConnectionPool(host='koji.fedoraproject.org', port=443): Max retries exceeded with url: /kojihub/ssllogin (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)')))) Use following documentation to debug kerberos/gssapi auth issues. https://docs.pagure.org/koji/kerberos_gssapi_debug/
> Can anyone please guide us on how to solve the issue? We've tried multiple resources but none seemed to work. Any help would be appreciated.
Did you configure the koji client to point to your cert? You may also need to import the CA cert into your local cert store.
On Mon, Mar 06, 2023 at 02:22:59PM -0000, Tanvi Sheth wrote:
> Me & my team were trying to set up Koji on Local server. We followed the guide https://docs.pagure.org/koji/server_howto/ We followed SSL Authentication.
> We are constantly getting an error message after we type "koji moshimoshi"
> 2023-03-06 11:03:10,150 [ERROR] koji: (gssapi auth failed: requests.exceptions.SSLError: HTTPSConnectionPool(host='koji.fedoraproject.org', port=443): Max retries exceeded with url: /kojihub/ssllogin (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)')))) Use following documentation to debug kerberos/gssapi auth issues. https://docs.pagure.org/koji/kerberos_gssapi_debug/
> Can anyone please guide us on how to solve the issue? We've tried multiple resources but none seemed to work. Any help would be appreciated.
It looks like you are pointing your client to koji.fedoraproject.org instead of your instance. ;)
You'll want to set server in koji.conf: https://docs.pagure.org/koji/kojid_conf/
kevin
Hello,
;client certificate
cert = ~/.koji/client.crt
;certificate of the CA that issued the HTTP server certificate
serverca = ~/.koji/serverca.crt
Is this what you're referring to in the /etc/koji.conf file? How to import CA cert into local cert store?
Sorry I am a complete beginner in this area, I don't understand what you mean by my instance, what exactly should I provide it?
On Tue, Mar 07, 2023 at 12:49:27PM -0000, Tanvi Sheth wrote:
> Hello,
> ;client certificate
> cert = ~/.koji/client.crt
> ;certificate of the CA that issued the HTTP server certificate
> serverca = ~/.koji/serverca.crt
> Is this what you're referring to in the /etc/koji.conf file? How to import CA cert into local cert store?
You need to also specify 'server = https://yourserveraname/'
If you don't it will try and use https://koji.fedoraproject.org and your certs will not work there.
There's a https://docs.pagure.org/koji/server_howto/ doc that has a lot of setup info.
If you get stuck, there's also a #koji channel on libera.net.
Do note there is a very active koji for risc-v already running at: http://fedora.riscv.rocks/koji/
Hope that helps!
kevin
hello, I have followed all the steps in the said document. Can you please elaborate on the procedure to get my own server for it, i.e 'https://yourserveraname/'. Is there something I'm missing out on?
The current Koji-Risc-v is for compressed instruction set i.e rv64IMAFDC, we're trying to create one for rv65IMAFD.
On Tue, Mar 07, 2023 at 08:35:33PM -0000, Tanvi Sheth wrote:
> hello, I have followed all the steps in the said document. Can you please elaborate on the procedure to get my own server for it, i.e 'https://yourserveraname/'. Is there something I'm missing out on?
That's the server you are setting up. So, whatever ip address or hostname the server that is serving as the koji hub has. If you don't specify it, it reaches out to the fedoraproject koji, which has no idea about your setup.
> The current Koji-Risc-v is for compressed instruction set i.e rv64IMAFDC, we're trying to create one for rv65IMAFD.
ok.
I must say the proliferation of instruction sets in riscv is very sad to see. It's giving me flashbacks to the early arm days. ;( But that's a side topic, sorry to derail things.
kevin
Thanks a lot for the response. I'm going to try it with the IP address of my system since we don't have a separate server setup. Hoping that will work.
I totally agree about the Instruction sets in RiscV, Haha!
Hello, I have set up Koji Server using my network IP. I have also set up the Koji web. But I'm still facing troubles in trying to access the Hub from command line.
[kojiadmin@fedora ~]$ koji call getLoggedInUser
2023-03-09 21:50:25,900 [ERROR] koji: (gssapi auth failed: requests.exceptions.SSLError: HTTPSConnectionPool(host='192.168.44.128', port=443): Max retries exceeded with url: /kojihub/ssllogin (Caused by SSLError(SSLError(1, '[SSL: TLSV13_ALERT_CERTIFICATE_REQUIRED] tlsv13 alert certificate required (_ssl.c:2546)')))) Use following documentation to debug kerberos/gssapi auth issues. https://docs.pagure.org/koji/kerberos_gssapi_debug/
2023-03-09 21:50:25,900 [ERROR] koji: GSSAPIAuthError: unable to obtain a session (gssapi auth failed: requests.exceptions.SSLError: HTTPSConnectionPool(host='192.168.44.128', port=443): Max retries exceeded with url: /kojihub/ssllogin (Caused by SSLError(SSLError(1, '[SSL: TLSV13_ALERT_CERTIFICATE_REQUIRED] tlsv13 alert certificate required (_ssl.c:2546)')))) Use following documentation to debug kerberos/gssapi auth issues. https://docs.pagure.org/koji/kerberos_gssapi_debug/
Facing this error, could you please explain it to me in case you're aware about it? I've parallelly referred this Guide in addition to Pagure https://www.saltbaek.dk/dokuwiki/doku.php?id=koji:installation:01:start
On the web-page, the UI is in place, but displays the following message
The web interface is having difficulty communicating with the main server. This most likely indicates a network issue. requests.exceptions.ConnectionError: HTTPConnectionPool(host='192.168.44.128', port=80): Max retries exceeded with url: /kojihub (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f17d96f7910>: Failed to establish a new connection: [Errno 13] Permission denied'))
It would be a great help if I could communicate with you regarding Koji Set up. Thanks in advance !
On Thu, Mar 09, 2023 at 02:27:19PM -0000, Tanvi Sheth wrote:
> Hello, I have set up Koji Server using my network IP. I have also set up the Koji web. But I'm still facing troubles in trying to access the Hub from command line.
> [kojiadmin@fedora ~]$ koji call getLoggedInUser
> 2023-03-09 21:50:25,900 [ERROR] koji: (gssapi auth failed: requests.exceptions.SSLError: HTTPSConnectionPool(host='192.168.44.128', port=443): Max retries exceeded with url: /kojihub/ssllogin (Caused by SSLError(SSLError(1, '[SSL: TLSV13_ALERT_CERTIFICATE_REQUIRED] tlsv13 alert certificate required (_ssl.c:2546)')))) Use following documentation to debug kerberos/gssapi auth issues. https://docs.pagure.org/koji/kerberos_gssapi_debug/
> 2023-03-09 21:50:25,900 [ERROR] koji: GSSAPIAuthError: unable to obtain a session (gssapi auth failed: requests.exceptions.SSLError: HTTPSConnectionPool(host='192.168.44.128', port=443): Max retries exceeded with url: /kojihub/ssllogin (Caused by SSLError(SSLError(1, '[SSL: TLSV13_ALERT_CERTIFICATE_REQUIRED] tlsv13 alert certificate required (_ssl.c:2546)')))) Use following documentation to debug kerberos/gssapi auth issues. https://docs.pagure.org/koji/kerberos_gssapi_debug/
> Facing this error, could you please explain it to me in case you're aware about it? I've parallelly referred this Guide in addition to Pagure https://www.saltbaek.dk/dokuwiki/doku.php?id=koji:installation:01:start
> On the web-page, the UI is in place, but displays the following message
> The web interface is having difficulty communicating with the main server. This most likely indicates a network issue. requests.exceptions.ConnectionError: HTTPConnectionPool(host='192.168.44.128', port=80): Max retries exceeded with url: /kojihub (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f17d96f7910>: Failed to establish a new connection: [Errno 13] Permission denied'))
> It would be a great help if I could communicate with you regarding Koji Set up. Thanks in advance !
It looks like your client (koji command line) isn't offering a client cert to the server.
You need a cert for the client signed by your CA and configured in /etc/koji.conf.
I'm sorry this setup is so confusing. ;(
kevin
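The two TLS errors in this thread trace back to three client settings (`server`, `cert`, `serverca`). As an added example (not code from the thread or from the Koji project), this sketch lints a koji.conf profile for them; the sample configs are constructed, and the `/kojihub` path in `server` is taken from the URLs in the error output above.

```python
import configparser
import os

# Hub the thread says the CLI falls back to when 'server' is not set.
DEFAULT_HUB_HOST = "koji.fedoraproject.org"

# setting -> likely symptom, as seen in the thread, when that setting is missing
TLS_KEYS = {
    "cert": "TLSV13_ALERT_CERTIFICATE_REQUIRED (no client cert offered)",
    "serverca": "CERTIFICATE_VERIFY_FAILED unless the CA is in the system store",
}

def lint_koji_conf(text, profile="koji", file_exists=os.path.exists):
    """Return [(setting, finding)] for one profile of a koji.conf given as text."""
    cp = configparser.ConfigParser()  # lines starting with ';' or '#' are comments
    cp.read_string(text)
    if not cp.has_section(profile):
        return [("profile", f"no [{profile}] section")]
    sec, findings = cp[profile], []
    server = sec.get("server", "")
    if not server:
        findings.append(("server", f"unset: requests go to {DEFAULT_HUB_HOST}"))
    elif DEFAULT_HUB_HOST in server:
        findings.append(("server", "points at Fedora's hub, not your instance"))
    elif not server.startswith("https://"):
        findings.append(("server", "not https: client-cert login needs TLS"))
    for key, symptom in TLS_KEYS.items():
        path = sec.get(key, "")
        if not path:
            findings.append((key, f"unset or commented out: expect {symptom}"))
        elif not file_exists(os.path.expanduser(path)):
            findings.append((key, f"file not found: {path}"))
    return findings

# Constructed sample: every SSL-related setting left commented out.
BROKEN = """[koji]
;server = https://hub.example.com/kojihub
;cert = ~/.koji/client.crt
;serverca = ~/.koji/serverca.crt
"""

# Constructed sample: host and /kojihub path as they appear in the thread's errors.
FIXED = """[koji]
server = https://192.168.44.128/kojihub
cert = ~/.koji/client.crt
serverca = ~/.koji/serverca.crt
"""

if __name__ == "__main__":
    for name, conf in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, lint_koji_conf(conf) or "ok")
```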
Hello Kevin thanks for all the help. We're finally done with our entire setup. Koji hub, CLI, Web is running on our local server.
Do you have any idea how can I go about building packages in Koji for my own OS image, i.e for Risv64 architecture ?
On Sun, Mar 12, 2023 at 06:47:06PM -0000, Tanvi Sheth wrote:
> Hello Kevin thanks for all the help. We're finally done with our entire setup. Koji hub, CLI, Web is running on our local server.
Great!
> Do you have any idea how can I go about building packages in Koji for my own OS image, i.e for Risv64 architecture ?
I've not bootstrapped an entire distro myself, so I am not sure what to suggest. Can you use the existing riscv builds as an initial version and then rebuild yours? If not, you may have to manually build enough packages to have a buildroot and import them into your koji (with koji import).
Other folks who have done this might have better advice.
kevin
On Tue, Mar 14, 2023 at 5:50 PM Kevin Fenzi kevin@scrye.com wrote:
> On Sun, Mar 12, 2023 at 06:47:06PM -0000, Tanvi Sheth wrote:
> > Hello Kevin thanks for all the help. We're finally done with our entire setup. Koji hub, CLI, Web is running on our local server.
> Great!
> > Do you have any idea how can I go about building packages in Koji for my own OS image, i.e for Risv64 architecture ?
> I've not bootstrapped an entire distro myself, so I am not sure what to suggest. Can you use the existing riscv builds as an initial version and then rebuild yours? If not, you may have to manually build enough packages to have a buildroot and import them into your koji (with koji import).
> Other folks who have done this might have better advice.
Yep, that's it. There is no easier way to start with a new distro. So, import bootstrap packages and rebuild them (or improved version) again inside the koji.
kevin
koji-devel@lists.fedorahosted.org