Project

Profile

Help

Actions
Send by e-mail Copy link

Issue #8290

closed

Pulp_ansible unable to sync from galaxy endpoint with token whereas ansible-galaxy client can

Added by sajha over 3 years ago. Updated over 3 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
-
Sprint/Milestone:
0.7.1
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Platform Release:
OS:
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

Steps to reproduce: Set up a remote with a token and point to a galaxy instance.

 {
            "auth_url": null,
            "ca_cert": null,
            "client_cert": null,
            "client_key": null,
            "download_concurrency": 10,
            "name": "hub_1-128797",
            "password": null,
            "policy": "immediate",
            "proxy_url": null,
            "pulp_created": "2021-02-19T19:05:47.231796Z",
            "pulp_href": "/pulp/api/v3/remotes/ansible/collection/91c20a7d-8477-48d8-86df-46755cdffcae/",
            "pulp_last_updated": "2021-02-22T16:53:00.377091Z",
            "requirements_file": "---\ncollections:\n- ibm.cloudcollection",
            "tls_validation": false,
            "token": "xxx-valid-token-xxx",
            "url": "https://hostname/api/galaxy/content/community/",
            "username": null
        },

When syncing this, I get a 403 from the endpoint with the following logs:

Feb 22 17:13:53 hub-sat1-v4-2-1-jhardy gunicorn[74032]: pulp: django.request:WARNING: Forbidden: /api/galaxy/content/community/
Feb 22 17:13:53 hub-sat1-v4-2-1-jhardy gunicorn[74032]: pulp [-]:  - - [22/Feb/2021:17:13:53 +0000] "GET /api/galaxy/content/community/ HTTP/1.0" 403 112 "-" "pulpcore/3.7.3 (cpython 3.6.8-final0, Linux x86_64) (aiohttp 3.7.2)"
Feb 22 17:13:54 hub-sat1-v4-2-1-jhardy gunicorn[74032]: pulp: django.request:WARNING: Forbidden: /api/galaxy/content/community/api/
Feb 22 17:13:54 hub-sat1-v4-2-1-jhardy gunicorn[74032]: pulp [-]:  - - [22/Feb/2021:17:13:54 +0000] "GET /api/galaxy/content/community/api/ HTTP/1.0" 403 112 "-" "pulpcore/3.7.3 (cpython 3.6.8-final0, Linux x86_64) (aiohttp 3.7.2)"

PS: "tls_validation": false is set on the remote.

A ansible-galaxy client with the below cfg file:

[galaxy] server_list = community_repo

[galaxy_server.community_repo] url=https://hostname/api/galaxy/content/community/ token=xxx-valid-token-xxx

gives the following results:

Secure:

# ansible-galaxy collection install -p ./ ibm.cloudcollection
Process install dependency map
ERROR! Unknown error when attempting to call Galaxy at 'https://hub-sat1-v4-2-1-jhardy.c.ansible-tower-engineering.internal/api/galaxy/content/community/api': <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)>

Ignore SSL certificate validation errors with -c :

# ansible-galaxy collection install -c -p ./ ibm.cloudcollection
Process install dependency map
Starting collection install process
Installing 'ibm.cloudcollection:1.21.0' to '/root/ansible_collections/ibm/cloudcollection'

Expected result: Pulp_Ansible should be able to ignore cert validations and sync successfully when tls_validation is off.

Actions
Send by e-mail Copy link

Also available in: Atom PDF