You need to replace REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] =
with REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = On Tue, Apr 21, 2020 at 10:09 PM Bin Li (BLOOMBERG/ 120 PARK) < [email protected]> wrote: > This setting actually failed to restart pulp. See errors below. > > Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: NameError: name > 'REST_FRAMEWORK' is not defined > Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: [2020-04-21 21:56:27 > -0400] [24417] [INFO] Worker exiting (pid: 24417) > Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: [2020-04-21 21:56:27 > -0400] [24414] [INFO] Shutting down: Master > Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: [2020-04-21 21:56:27 > -0400] [24414] [INFO] Reason: Worker failed to boot. > Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: pulpcore-api.service: main > process exited, code=exited, status=3/NOTIMPLEMENTED > Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: Unit pulpcore-api.service > entered failed state. > Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: pulpcore-api.service failed. > Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: > pulpcore-resource-manager.service holdoff time over, scheduling restart. > > > From: Bin Li (BLOOMBERG/ 120 PARK) At: 04/21/20 21:32:49 > To: [email protected] > Cc: [email protected] > Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication > > Yes, I did > # pip list |grep dynaconf > dynaconf 3.0.0rc1 > > > From: [email protected] At: 04/21/20 20:01:00 > To: Bin Li (BLOOMBERG/ 120 PARK ) <[email protected]> > Cc: [email protected] > Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication > > Did you update dynaconf to 3.0.0rc1? There was a bug that caused the > settings to get merged instead of overwritten. > > [0] https://pulp.plan.io/issues/6244 > [1] https://pypi.org/project/dynaconf/3.0.0rc1/ > > On Tue, Apr 21, 2020 at 5:59 PM Bin Li (BLOOMBERG/ 120 PARK) < > [email protected]> wrote: > >> I have followed the setup >> https://www.nginx.com/blog/nginx-plus-authenticate-users/ to setup nginx >> LDAP authentication. >> >> This command works "http -a admin:password GET >> localhost/pulp/api/v3/repositories/rpm/rpm/ Cookie:nginxauth=XXXXXXX". The >> Cookie is the base64 encoded ldap username and password. >> >> I assume I should follow the below so I don't have to specify admin:pwd >> >> https://docs.pulpproject.org/installation/authentication.html#webserver-auth-with-reverse-proxy >> >> Adding the below to settings.py doesn't seem to work. >> REMOTE_USER_ENVIRON_NAME = 'HTTP_REMOTE_USER' >> AUTHENTICATION_BACKENDS = >> ['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend'] >> REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] = ( >> 'rest_framework.authentication.SessionAuthentication', >> 'pulpcore.app.authentication.PulpRemoteUserAuthentication' >> >> I am a little confused what need to be added for this setup. >> nginx <---http---> gunicorn <----WSGI----> pulpcore.app.wsgi application >> >> Please advise >> Thanks >> >> >> From: [email protected] At: 04/17/20 10:45:31 >> To: Bin Li (BLOOMBERG/ 120 PARK ) <[email protected]> >> Cc: [email protected] >> Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication >> >> Theoretically you should be able to use pulpcore-client even with LDAP >> authentication in the web server. However, I have not tested this. I've >> only helped users that use certificate authentication in the webserver. >> What error are you seeing on the client side? Do you see any errors in pulp >> logs? >> >> On Fri, Apr 17, 2020 at 10:20 AM Bin Li (BLOOMBERG/ 120 PARK) < >> [email protected]> wrote: >> >>> Thanks Dennis. >>> >>> We use pulpcore python client to interact with api. Once we enable ldap >>> on nginx, the below code that pulpcore-client authenticate will not work >>> any more. I am wonder if we are still be able to use pulpcore-client? or we >>> have to rewrite the client code. This sounds too much work for us for now. >>> configuration = pulpcore.Configuration() >>> configuration.host = 'http://localhost' >>> configuration.username = 'admin' >>> configuration.password = 'pwd' >>> rpm_client = pulp_rpm.ApiClient(configuration) >>> >>> From: [email protected] At: 04/16/20 08:38:38 >>> To: Bin Li (BLOOMBERG/ 120 PARK ) <[email protected]> >>> Cc: [email protected] >>> Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication >>> >>> Please be aware that there is a bug in dynaconf 2.2 with how settings >>> are merged[0]. I recommend upgrading it to dynaconf 3.0.0rc1 for best >>> results when configuring authentication backends in pulp. >>> >>> [0] https://pulp.plan.io/issues/6244 >>> [1] https://pypi.org/project/dynaconf/3.0.0rc1/ >>> >>> >>> On Wed, Apr 15, 2020 at 7:02 PM Dennis Kliban <[email protected]> >>> wrote: >>> >>>> Pulp 3 does not currently support multiple users. We are planning to >>>> add support for RBAC in the near future. However, I don't have a concrete >>>> timeline for that. With all that said, you still can configure the web >>>> server to perform authentication[0]. In this case Pulp will stop performing >>>> authentication and will simply look for a WSGI environment variable that >>>> contains the username. >>>> >>>> [0] >>>> https://docs.pulpproject.org/installation/authentication.html#webserver-auth >>>> [1] >>>> https://docs.pulpproject.org/settings.html?highlight=remote_user#remote-user-environ-name >>>> >>>> On Wed, Apr 15, 2020 at 3:19 PM Bin Li (BLOOMBERG/ 120 PARK) < >>>> [email protected]> wrote: >>>> >>>>> >>>>> I am thinking to configure nginx with ldap authentication, but I >>>>> couldn't find a way to interact with the api. Does pulpcore-client work >>>>> with ldap authentication? Has anyone made httpie work with ldap? >>>>> >>>>> Thanks >>>>> _______________________________________________ >>>>> Pulp-list mailing list >>>>> [email protected] >>>>> https://www.redhat.com/mailman/listinfo/pulp-list >>>> >>>> >>> >> >
_______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
