Project

Profile

Help

Issue #409

Pulp fails to report filesystem permission denied errors when it cannot write the protected repos file

Added by ashbyj@imsweb.com almost 7 years ago. Updated over 1 year ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
1. Low
Version:
2.3
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

, I’m trying to update an existing repository with:

pulp-admin rpm repo update --repo-id='Dev-CentOS65-updates-x86_64' --display-name='CentOS 6.5 updates - Dev environment'

which gives an error:

The server indicated one or more values were incorrect. The server provided the
following error message:

Pulp exception occurred: PulpDataException

More information can be found in the client log file ~/.pulp/admin.log.

Heres ~/.pulp/admin.log:

2014-03-25 15:25:50,031 - ERROR - Exception occurred:
href: /pulp/api/v2/repositories/Dev-CentOS65-updates-x86_64/
method: PUT
status: 400
error: Pulp exception occurred: PulpDataException
traceback: None
data: {u'args': 13, u'Permission denied'}

I also tried with sudo in front, but I seem to get the same error. Here is /var/log/pulp/pulp.log:

2014-03-25 15:28:22,061 pulp.server.webservices.middleware.exception:ERROR: Pulp exception occurred: PulpDataException
Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/pulp/server/webservices/middleware/exception.py", line 44, in call
return self.app(environ, start_response)
File "/usr/lib/python2.6/site-packages/pulp/server/webservices/middleware/postponed.py", line 39, in call
return self.app(environ, start_response)
File "/usr/lib/python2.6/site-packages/web/application.py", line 279, in wsgi
result = self.handle_with_processors()
File "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py", line 26, in _handle_with_processors
return process(self.processors)
File "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py", line 23, in process
return p(lambda : process(processors))
File "/usr/lib/python2.6/site-packages/web/application.py", line 566, in processor
return handler()
File "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py", line 23, in <lambda>
return p(lambda : process(processors))
File "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py", line 23, in process
return p(lambda : process(processors))
File "/usr/lib/python2.6/site-packages/web/application.py", line 581, in processor
result = handler()
File "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py", line 23, in <lambda>
return p(lambda : process(processors))
File "/usr/lib/python2.6/site-packages/pulp/server/webservices/application.py", line 25, in process
return self.handle()
File "/usr/lib/python2.6/site-packages/web/application.py", line 230, in handle
return self._delegate(fn, self.fvars, args)
File "/usr/lib/python2.6/site-packages/web/application.py", line 420, in _delegate
return handle_class(cls)
File "/usr/lib/python2.6/site-packages/web/application.py", line 396, in handle_class
return tocall(*args)
File "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/decorators.py", line 227, in _auth_decorator
value = method(self, *args, **kwargs)
File "/usr/lib/python2.6/site-packages/pulp/server/webservices/controllers/repositories.py", line 288, in PUT
repo = execution.execute(call_request)
File "/usr/lib/python2.6/site-packages/pulp/server/dispatch/task.py", line 137, in _run
result = call(*args, **kwargs)
File "/usr/lib/python2.6/site-packages/pulp/server/managers/repo/cud.py", line 426, in update_repo_and_plugins
distributor_manager.update_distributor_config(repo_id, dist_id, dist_config)
File "/usr/lib/python2.6/site-packages/pulp/server/managers/repo/distributor.py", line 307, in update_distributor_config
result = distributor_instance.validate_config(transfer_repo, call_config, config_conduit)
File "/usr/lib/pulp/plugins/distributors/yum_distributor/distributor.py", line 195, in validate_config
self.process_repo_auth_certificate_bundle(repo.id, repo_relative_path, auth_cert_bundle)
File "/usr/lib/pulp/plugins/distributors/yum_distributor/distributor.py", line 262, in process_repo_auth_certificate_bundle
protected_repo_utils_obj.delete_protected_repo(repo_relative_path)
File "/usr/lib/python2.6/site-packages/pulp_rpm/repo_auth/protected_repo_utils.py", line 75, in delete_protected_repo
f.save()
File "/usr/lib/python2.6/site-packages/pulp_rpm/repo_auth/protected_repo_utils.py", line 155, in save
f = open(self.filename, 'w')
PulpDataException: Pulp exception occurred: PulpDataException

I’m running pulp 2.3 (I believe that’s the stable version?) on CentOS 6.5. I’m just getting started setting my pulp server and repositories up. Here’s how I created the repos:

pulp-admin rpm repo create --repo-id=CentOS65-updates-x86_64 --feed=http://mirror.umd.edu/centos/6.5/updates/x86_64 --max-speed=1000000 --max-downloads=2
pulp-admin rpm repo sync run --repo-id=CentOS65-updates-x86_64
  1. “freeze” the updates repo by copying to a separate repo
    pulp-admin rpm repo create --repo-id=Dev-CentOS65-updates-x86_64
    pulp-admin rpm repo copy all --from-repo-id=CentOS65-updates-x86_64 --to-repo-id=Dev-CentOS65-updates-x86_64
    pulp-admin rpm repo publish run --repo-id=Dev-CentOS65-updates-x86_64

That’s all good, but when I try to update the repository per above it errors out. I have a vanilla install of the pulp-server, except for the SSL certs. My pulp server is a sub/intermediary-CA of our root CA, so not sure if it’s a cert issue here. My server and CA certs look good per openssl verify, curl, and apache checks.

+ This bug was cloned from Bugzilla Bug #1081091 +

History

#1 Updated by ashbyj@imsweb.com almost 7 years ago

Reply from Randy Barlow:

File
"/usr/lib/python2.6/site-packages/pulp_rpm/repo_auth/protected_repo_utils.py",
line 155, in save

f = open(self.filename, 'w')

PulpDataException: Pulp exception occurred: PulpDataException

Hi Jason,

This permission denied error is actually a Linux permission denied on
your protected repos file. In /etc/pulp/repo_auth.conf, there should be
a setting in the [repos] section for protected_repo_listing_file. Apache
will need write permissions to that path. Can you check the permissions?

By default, this path is /etc/pki/pulp/content/pulp-protected-repos. I
think a reasonable argument could be made that this file belongs in /var
rather than /etc, but that's a separate discussion.

If the permissions are not solid, can you comment back on whether you
have adjusted FS permissions, or whether these are the stock
permissions? It's possible that our spec file has these permissions wrong.

Also, it would be helpful if you could file a bug on the error reporting
here. It wasn't easy to determine what was causing the problem!

--
Randy Barlow
Raleigh, NC, USA

_**________________________________________
Pulp-list mailing list

https://www.redhat.com/mailman/listinfo/pulp-list

+ This comment was cloned from Bugzilla #1081091 comment 1 +

#2 Updated by ashbyj@imsweb.com almost 7 years ago

I had changed protected_repo_listing_file in /etc/pulp/repo_auth.conf to a custom path and you're right that my permissions were incorrect. I ran chmod 755 on the content directory with owner:group as apache:apache and all looks good now! Many thanks.

+ This comment was cloned from Bugzilla #1081091 comment 2 +

#3 Updated by rbarlow almost 7 years ago

Hi Jason, I'd like to keep this open because it would have been nice if Pulp had given you better information about what was wrong in this case. I renamed the bug to be about the error reporting.

Thanks for letting us know about this issue!

+ This comment was cloned from Bugzilla #1081091 comment 3 +

#4 Updated by bmbouter over 6 years ago

  • Severity changed from Low to 1. Low

#5 Updated by bmbouter over 6 years ago

  • Tags deleted (Reopened)

#6 Updated by bmbouter over 2 years ago

  • Status changed from NEW to CLOSED - WONTFIX

#7 Updated by bmbouter over 2 years ago

Pulp 2 is approaching maintenance mode, and this Pulp 2 ticket is not being actively worked on. As such, it is being closed as WONTFIX. Pulp 2 is still accepting contributions though, so if you want to contribute a fix for this ticket, please reopen or comment on it. If you don't have permissions to reopen this ticket, or you want to discuss an issue, please reach out via the developer mailing list.

#8 Updated by bmbouter over 2 years ago

  • Tags Pulp 2 added

#9 Updated by bmbouter over 1 year ago

  • Category deleted (14)

We are removing the 'API' category per open floor discussion June 16, 2020.

Please register to edit this issue

Also available in: Atom PDF