Issue #708
closed
Pulp does not authenticate with mongodb using username with an empty password if specified
Description
Description of problem:
Pulp does not allow authentication with mongodb using username with an empty password if specified in server.conf and shows a traceback, though mongo allows access to pulp_database with an empty pass
Might be connected to BZ 1182335
Version-Release number of selected component (if applicable):
rpm -qa pulp-server
pulp-server-2.6.0-0.7.beta.fc20.noarch
Steps to Reproduce:
mongo
MongoDB shell version: 2.4.6
connecting to: test
use pulp_database
switched to db pulp_database
db.changeUserPassword("gena", "")
exit
bye
mongo pulp_database -u gena
MongoDB shell version: 2.4.6
connecting to: pulp_database
db.repos.find()
{ "_id" : ObjectId("54b7c4cb99cca86045dd3fcb"), "_ns" : "repos", "content_unit_counts" : { "erratum" : 4, "package_category" : 1, "package_group" : 2 }, "description" : null, "display_name" : "zoo_repo", "id" : "zoo_repo", "last_unit_added" : ISODate("2015-01-15T13:47:14.329Z"), "last_unit_removed" : null, "notes" : { "_repo-type" : "rpm-repo" }, "scratchpad" : { "checksum_type" : "sha256" } }
exit
bye
vi /etc/pulp/server.conf
username: gena
password:
for s in {qpidd,pulp_celerybeat,pulp_resource_manager,pulp_workers,httpd}; do sudo systemctl restart $s; done;
pulp-admin login -u admin -p admin
There was an internal server error while trying to access the Pulp application.
One possible cause is that the database needs to be migrated to the latest
version. If this is the case, run pulp-manage-db and restart the services. More
information may be found in Apache's log.
sudo -u apache pulp-manage-db
Database initialization failed: The server config specified username/password authentication but is missing either the username or the password
The server config specified username/password authentication but is missing either the username or the password
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/pulp/server/db/manage.py", line 124, in main
connection.initialize(max_timeout=1)
File "/usr/lib/python2.7/site-packages/pulp/server/db/connection.py", line 92, in initialize
raise Exception(_("The server config specified username/password authentication but "
Exception: The server config specified username/password authentication but is missing either the username or the password
mongo
MongoDB shell version: 2.4.6
connecting to: test
use pulp_database
switched to db pulp_database
db.changeUserPassword("gena", "genka")
exit
bye
vi /etc/pulp/server.conf
username: gena
password: genka
for s in {qpidd,pulp_celerybeat,pulp_resource_manager,pulp_workers,httpd}; do sudo systemctl restart $s; done;
pulp-admin rpm repo list
--------------------------------------------------------------------
RPM Repositories
--------------------------------------------------------------------
Id: zoo_repo
Display Name: zoo_repo
Description: None
Content Unit Counts:
Erratum: 4
Package Category: 1
Package Group: 2
+ This bug was cloned from Bugzilla Bug #1194676 +
.
Allow passwordless mongodb connections to be configured
MongoDB allows passwordless logins. However, Pulp was checking that both the username and password were set before attempting a login.
This patch alters the user/pass check to fail only if a password is set sans username. If a username is set sans password, a MongoDB connection will be attempted.
Note that all of the auth still happens in Mongo. This was just a "pre-check" that Pulp was doing to give a clear error message.
fixes #708