Django app detected
Working in development environment
BASE_DIR<str>
'/opt/utils/venv/pulp/3.7.3/lib64/python3.7/site-packages/pulpcore/app'
DEBUG<bool> False
ALLOWED_HOSTS<list> ['*']
MEDIA_ROOT<str> '/var/lib/pulp/'
STATIC_ROOT<str> '/var/lib/pulp/assets/'
DEFAULT_FILE_STORAGE<str> 'pulpcore.app.models.storage.FileSystem'
FILE_UPLOAD_TEMP_DIR<str> '/var/lib/pulp/tmp/'
WORKING_DIRECTORY<str> '/var/lib/pulp/tmp/'
FILE_UPLOAD_HANDLERS<list> ['pulpcore.app.files.HashingFileUploadHandler']
SECRET_KEY<str> '3e$d+861lqv8x6y39p%^0!3(=%jzw6()g!u44%(=u@1_5p42g!'
INSTALLED_APPS<list> ['django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'django_filters',
'drf_yasg',
'rest_framework',
'pulpcore.app',
'pulp_rpm.app.PulpRpmPluginAppConfig',
'pulp_file.app.PulpFilePluginAppConfig']
INSTALLED_PULP_PLUGINS<list> ['pulp_rpm', 'pulp_file']
OPTIONAL_APPS<list> ['crispy_forms', 'django_extensions', 'storages']
MIDDLEWARE<list> ['django.middleware.security.SecurityMiddleware',
'whitenoise.middleware.WhiteNoiseMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware']
AUTHENTICATION_BACKENDS<list>
['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend']
ROOT_URLCONF<str> 'pulpcore.app.urls'
TEMPLATES<list> [{'APP_DIRS': True,
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS':
['/opt/utils/venv/pulp/3.7.3/lib64/python3.7/site-packages/pulpcore/app/templates'],
'OPTIONS': {'context_processors': ['django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages']}}]
WSGI_APPLICATION<str> 'pulpcore.app.wsgi.application'
REST_FRAMEWORK<dict> {'DEFAULT_AUTHENTICATION_CLASSES':
['rest_framework.authentication.SessionAuthentication',
'pulpcore.app.authentication.PulpRemoteUserAuthentication'],
'DEFAULT_FILTER_BACKENDS':
['django_filters.rest_framework.DjangoFilterBackend'],
'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.LimitOffsetPagination',
'DEFAULT_PERMISSION_CLASSES': ['rest_framework.permissions.IsAuthenticated'],
'DEFAULT_VERSIONING_CLASS': 'rest_framework.versioning.URLPathVersioning',
'PAGE_SIZE': 100,
'UPLOADED_FILES_USE_URL': False,
'URL_FIELD_NAME': 'pulp_href'}
AUTH_PASSWORD_VALIDATORS<list> [{'NAME':
'django.contrib.auth.password_validation.UserAttributeSimilarityValidator'},
{'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator'},
{'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator'},
{'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator'}]
LANGUAGE_CODE<str> 'en-us'
TIME_ZONE<str> 'UTC'
USE_I18N<list> ['USE_I18N', True]
USE_L10N<bool> True
USE_TZ<bool> True
STATIC_URL<str> '/static/'
DATABASES<dict> {'default': {'ENGINE': 'django.db.backends.postgresql_psycopg2',
'HOST': 'localhost',
'NAME': 'pulp',
'PASSWORD': 'pulp',
'PORT': 5432,
'USER': 'pulp'}}
LOGGING<dict> {'disable_existing_loggers': False,
'formatters': {'simple': {'format': 'pulp: %(name)s:%(levelname)s: '
'%(message)s'}},
'handlers': {'console': {'class': 'logging.StreamHandler',
'formatter': 'simple'}},
'loggers': {'': {'handlers': ['console'], 'level': 'INFO'}},
'version': 1}
CONTENT_PATH_PREFIX<str> '/pulp/content/'
CONTENT_APP_TTL<int> 120
REMOTE_USER_ENVIRON_NAME<str> 'HTTP_REMOTE_USER'
ALLOWED_IMPORT_PATHS<list> []
PROFILE_STAGES_API<bool> False
SWAGGER_SETTINGS<dict> {'DEFAULT_AUTO_SCHEMA_CLASS':
'pulpcore.app.openapigenerator.PulpAutoSchema',
'DEFAULT_GENERATOR_CLASS':
'pulpcore.app.openapigenerator.PulpOpenAPISchemaGenerator',
'DEFAULT_INFO': 'pulpcore.app.urls.api_info'}
REDOC_SETTINGS<dict> {'SPEC_URL':
'/pulp/api/v3/docs/?format=openapi&include_html=1'}
CONTENT_ORIGIN<str> 'http://myhost.bloomberg.com'
SETTINGS<str> '/etc/pulp/settings.py'
Here is the log. gunicorn seems take the remote_user
Apr 22 09:18:58 ip-1-76-158-49 gunicorn[12150]: pulp: django.request:WARNING:
Forbidden: /pulp/api/v3/remotes/rpm/rpm/
Apr 22 09:18:58 ip-1-76-158-49 gunicorn[12150]: 127.0.0.1 - bli4
[22/Apr/2020:13:18:58 +0000] "GET /pulp/api/v3/remotes/rpm/rpm/ HTTP/1.0" 403
58 "-" "HTTPie/0.9.4"
Apr 22 09:19:01 ip-1-76-158-49 systemd[1]: Created slice User Slice of root.
Apr 22 09:19:01 ip-1-76-158-49 systemd[1]: Started Session 324743 of user root.
Apr 22 09:19:01 ip-1-76-158-49 systemd[1]: Removed slice User Slice of root.
Apr 22 09:19:05 ip-1-76-158-49 gunicorn[12150]: 127.0.0.1 - bli4
[22/Apr/2020:13:19:05 +0000] "GET /pulp/api/v3/status/ HTTP/1.0" 200 1178 "-"
"HTTPie/0.9.4"
From: [email protected] At: 04/22/20 09:24:47To: Bin Li (BLOOMBERG/ 120 PARK
)
Cc: [email protected]
Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication
Could you please share your settings by running the following commands on your
Pulp server:
export DJANGO_SETTINGS_MODULE=pulpcore.app.settings
export PULP_SETTINGS=/etc/pulp/settings.py (or wherever your settings are)
dynaconf list
Don't forget to obfuscate any settings you don't want to share.
On Wed, Apr 22, 2020 at 9:15 AM Bin Li (BLOOMBERG/ 120 PARK)
<[email protected]> wrote:
Thank Dennis. This fixes the issue restarting pulp. With my LDAP credential,
now I can
http -a id:pwd GET localhost/pulp/api/v3/status/ but getting "Authentication
credentials were not provided" for all other uri /remtes/rpm/rpm/. It looks
like pulp is not using external authentication and still need its own
authentication somehow.
From: [email protected] At: 04/22/20 06:52:35To: Bin Li (BLOOMBERG/ 120 PARK
)
Cc: [email protected]
Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication
You need to replace
REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] =
with
REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES =
On Tue, Apr 21, 2020 at 10:09 PM Bin Li (BLOOMBERG/ 120 PARK)
<[email protected]> wrote:
This setting actually failed to restart pulp. See errors below.
Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: NameError: name
'REST_FRAMEWORK' is not defined
Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: [2020-04-21 21:56:27 -0400]
[24417] [INFO] Worker exiting (pid: 24417)
Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: [2020-04-21 21:56:27 -0400]
[24414] [INFO] Shutting down: Master
Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: [2020-04-21 21:56:27 -0400]
[24414] [INFO] Reason: Worker failed to boot.
Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: pulpcore-api.service: main process
exited, code=exited, status=3/NOTIMPLEMENTED
Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: Unit pulpcore-api.service entered
failed state.
Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: pulpcore-api.service failed.
Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: pulpcore-resource-manager.service
holdoff time over, scheduling restart.
From: Bin Li (BLOOMBERG/ 120 PARK) At: 04/21/20 21:32:49To: [email protected]
Cc: [email protected]
Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication
Yes, I did
# pip list |grep dynaconf
dynaconf 3.0.0rc1
From: [email protected] At: 04/21/20 20:01:00To: Bin Li (BLOOMBERG/ 120 PARK
)
Cc: [email protected]
Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication
Did you update dynaconf to 3.0.0rc1? There was a bug that caused the settings
to get merged instead of overwritten.
[0] https://pulp.plan.io/issues/6244
[1] https://pypi.org/project/dynaconf/3.0.0rc1/
On Tue, Apr 21, 2020 at 5:59 PM Bin Li (BLOOMBERG/ 120 PARK)
<[email protected]> wrote:
I have followed the setup
https://www.nginx.com/blog/nginx-plus-authenticate-users/ to setup nginx LDAP
authentication.
This command works "http -a admin:password GET
localhost/pulp/api/v3/repositories/rpm/rpm/ Cookie:nginxauth=XXXXXXX". The
Cookie is the base64 encoded ldap username and password.
I assume I should follow the below so I don't have to specify
admin:pwdhttps://docs.pulpproject.org/installation/authentication.html#webserver-auth-with-reverse-proxy
Adding the below to settings.py doesn't seem to work.
REMOTE_USER_ENVIRON_NAME = 'HTTP_REMOTE_USER'
AUTHENTICATION_BACKENDS =
['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend']
REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] = (
'rest_framework.authentication.SessionAuthentication',
'pulpcore.app.authentication.PulpRemoteUserAuthentication'
I am a little confused what need to be added for this setup.
nginx <---http---> gunicorn <----WSGI----> pulpcore.app.wsgi application
Please advise
Thanks
From: [email protected] At: 04/17/20 10:45:31To: Bin Li (BLOOMBERG/ 120 PARK
)
Cc: [email protected]
Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication
Theoretically you should be able to use pulpcore-client even with LDAP
authentication in the web server. However, I have not tested this. I've only
helped users that use certificate authentication in the webserver. What error
are you seeing on the client side? Do you see any errors in pulp logs?
On Fri, Apr 17, 2020 at 10:20 AM Bin Li (BLOOMBERG/ 120 PARK)
<[email protected]> wrote:
Thanks Dennis.
We use pulpcore python client to interact with api. Once we enable ldap on
nginx, the below code that pulpcore-client authenticate will not work any more.
I am wonder if we are still be able to use pulpcore-client? or we have to
rewrite the client code. This sounds too much work for us for now.
configuration = pulpcore.Configuration()
configuration.host = 'http://localhost'
configuration.username = 'admin'
configuration.password = 'pwd'
rpm_client = pulp_rpm.ApiClient(configuration)
From: [email protected] At: 04/16/20 08:38:38To: Bin Li (BLOOMBERG/ 120 PARK
)
Cc: [email protected]
Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication
Please be aware that there is a bug in dynaconf 2.2 with how settings are
merged[0]. I recommend upgrading it to dynaconf 3.0.0rc1 for best results when
configuring authentication backends in pulp.
[0] https://pulp.plan.io/issues/6244
[1] https://pypi.org/project/dynaconf/3.0.0rc1/
On Wed, Apr 15, 2020 at 7:02 PM Dennis Kliban <[email protected]> wrote:
Pulp 3 does not currently support multiple users. We are planning to add
support for RBAC in the near future. However, I don't have a concrete timeline
for that. With all that said, you still can configure the web server to perform
authentication[0]. In this case Pulp will stop performing authentication and
will simply look for a WSGI environment variable that contains the username.
[0] https://docs.pulpproject.org/installation/authentication.html#webserver-auth
[1]
https://docs.pulpproject.org/settings.html?highlight=remote_user#remote-user-environ-name
On Wed, Apr 15, 2020 at 3:19 PM Bin Li (BLOOMBERG/ 120 PARK)
<[email protected]> wrote:
I am thinking to configure nginx with ldap authentication, but I couldn't find
a way to interact with the api. Does pulpcore-client work with ldap
authentication? Has anyone made httpie work with ldap?
Thanks_______________________________________________
Pulp-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/pulp-list
_______________________________________________
Pulp-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/pulp-list
