Project

Profile

Help

Issue #417

closed

Need clearer error for user-cert.pem conflicts with shared home directory between two nodes

Added by ashbyj@imsweb.com about 9 years ago. Updated almost 5 years ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
1. Low
Version:
2.3
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Documentation, Pulp 2
Sprint:
Quarter:

Description

Description of problem:
This is a pretty specific "gotcha" I was having, but had me scratching my head. Our home directories are shared across a handful of servers in our environment, so ~/.pulp/user-cert.pem can be a source of conflicts.

Version-Release number of selected component (if applicable):
Pulp 2.3 on CentOS 6.5

How reproducible:
always

Steps to Reproduce:
1. Login to parent server and do some sort of pulp-admin command.

jason@pulpmaster~> pulp-admin login -u admin
jason@pulpmaster~> pulp-admin node repo list
----------------------------------------------------------------------
Enabled Repositories
--------------------------------------------------------------------

repos are successfully listed here...

2. Try a pulp-admin command on child server. User jason has a nfs-shared home directory between pulpparent and pulpchild.

jason@pulpchild:~> pulp-admin node repo list
--------------------------------------------------------------------
Enabled Repositories
--------------------------------------------------------------------

An error occurred attempting to contact the server. More information can be
found in the client log file ~/.pulp/admin.log.

Conversely, if I log into the child first, then I can do pulp-admin commands on the child, but then I get the errors on the parent.

Actual results:

~/.pulp/admin.log shows a generic "sslv3 bad certificate" error.

Expected results:

An error message saying the ~/.pulp/user-cert.pem is invalid. I wasn't sure what certificate it was complaining about - the server cert, CA, or user cert. Also a note in the documentation about this "gotcha" would be nice for people setting up multiple pulp servers with shared user directories (per solution below).

Additional info:

The solution is to make the user cert filename host-specific in /etc/pulp/admin/admin.conf:

[filesystem]
extensions_dir = /usr/lib/pulp/admin/extensions

  1. Location to store the authentication certificate to pass to the server
    id_cert_dir = ~/.pulp
    id_cert_filename = user-cert.hostname.pem

+ This bug was cloned from Bugzilla Bug #1089487 +

Also available in: Atom PDF