Thanks for getting back to me.
In the interests of making progress while America was enjoying
thanksgiving, I decided to get a passwordless setup going, which is now
working.
I will have to set up another vm to test password stuff, but I don't know
when I will get to do that.
I found the documentation for how to set up the the qpid password stuff to
be quite confusing. Apparently the qpid configuration file had moved from
/etc/qpidd.conf to /etc/qpid/qpidd.conf, and this is not reflected in the
qpid docs! I was initially quite confused about what file I was supposed to
be editing, and initially I put those changes in /etc/sasl2/qpidd.conf !
Regarding the sasl2 changes, there was a typo:
/etc/sasl2/qpidd.conf
mech_list: DIGEST-MD5
I removed ANONYMOUS, EXTERNAL and PLAIN. The other possibility is GSSAPI,
but that implies Kerberos, which I am not using.
The broker_url also had a typo, and the user and password words are of
course placeholders for other values.
/etc/pulp/server.conf
broker_url: qpid://user:password@localhost/
And the user and password were set up with the command
saslpasswd2 -f /var/lib/qpidd/qpidd.sasldb -u QPID user
They were set up to match.
I will leave this thread be until I get to set up a test vm. Then I will
have to try it again and inspect those logs.
Thanks for the help.
Ben.
On 2 December 2014 1:40:20 AM Brian Bouterse <[email protected]> wrote:
Hi Ben,
Here are some thoughts that may help you identify the problem. Migration
0009 tries to connect to the broker, so its likely that Pulp cannot
successfully connect to Qpid.
- I typically don't set anything in /etc/sasl2/qpidd.conf. Perhaps that
feature is not working as expected. The Qpid docs may also be helpful in
getting the configuration of Qpid correct.
- The /etc/qpid/qpidd.conf looks like Qpid should require authentication
and use the realm QPID, which looks correct. You can use the trace mode of
Qpid to get more info on the output of the client.
- Your broker url uses a protocol handler 'paid'. I expect it to be
'qpid://user:password@localhost/'. If this is actually your broker string
then I don't expect it would work.
- I assume your SASL user named 'user' has the password set as 'password'
to match the broker string that you gave Pulp.
- Getting the trace output of Qpid will help identify the root cause I
believe. Also the Pulp output logs would be good too. You should look in
those places for errors.
Brian
----- Original Message -----
> From: "ben stanley" <[email protected]>
> To: [email protected]
> Sent: Thursday, November 27, 2014 12:47:59 AM
> Subject: [Pulp-list] pulp-manage-dbl sasl negotiation failed
>
> Hi,
>
> I am trying to set up a pulp server, according to the instructions at
>
> http://pulp-user-guide.readthedocs.org/en/pulp-2.4/installation.html
>
> I am working on RHEL7 Workstation x86_64.
>
> I am trying to use authentication for qpid messaging. I made the following
> changes (after unraveling some curly documentation):
>
> /etc/sasl2/qpidd.conf
> much_list: DIGEST-MD5
>
> /etc/qpid/qpidd.conf
> auth=yes
> realm=QPID
>
> /etc/pulp/server.conf
> broker_url: paid://user:password@localhost/
>
> I also configured the sasl password:
>
> saslpasswd2 -f /var/lib/qpidd/qpidd.sasldb -u QPID user
>
> I have started the following services, and verified that they are running:
> mongod qpidd
>
> The problem comes about at the step of initializing pulp's database:
>
> sudo -u apache pulp-manage-db
> Loading content types.
> Content types loaded.
> Ensuring the admin role and user are in place.
> Admin role and user are in place.
> Beginning database migrations.
> Applying pulp.server.db.migrations.0009_qpid_queues failed.
>
> Halting migrations due to a migration failure. See log for details.
> sasl negotiation failed: no mechanism agreed
>
> I need some help to diagnose the problem so that I can complete this step.
> There is nothing important in the database yet, so it is acceptable to
> erase it and start again (if I knew how).
>
> Thanks,
> Ben Stanley
>
>
> _______________________________________________
> Pulp-list mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/pulp-list
>
_______________________________________________
Pulp-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/pulp-list
