Thanks Daniel. I'm not getting any further using the trailing slash nor --follow, nor explicitly specifying https port 24817/24816/80/443. Is 24817/24816 the default http/https ports (and not 80/443)? Also, by default it appears that https-only is enabled. You have to specify a role variable to enable http. I'm not doing that. So what port should a new user like me be using when trying to simply ping the new server api status?
Maybe someone can address the question of using the self-signed certs, bc it appears I'm still getting cert-related failures. On Wed, Nov 4, 2020 at 5:44 PM Daniel Alley <[email protected]> wrote: > Actually, HTTP 301 *is* a redirect, so we do in fact do this. It's just > that httpie doesn't follow redirects by default, you have to tell it to do > so. So this works fine: > > http --follow GET :24817/pulp/api/v3/status >> > > On Wed, Nov 4, 2020 at 8:09 PM Daniel Alley <[email protected]> wrote: > >> Hi Tim, >> >> The way the web server is currently configured by default, trailing >> slashes are required. Try "https://pulp.biamp.com/pulp/api/v3/status/"; >> instead. >> >> I think that in this situation a lot of APIs would silently redirect to >> the correct version, but we don't currently support that. I do know that >> it has been discussed in the past and I vaguely remember there having been >> some reasons for doing this, but I can't seem to find any of those >> discussions, nor remember what the reasoning was. Maybe someone else does? >> >> >> >> On Wed, Nov 4, 2020 at 7:18 PM Tim Black <[email protected]> wrote: >> >>> I found this httpie issue <https://github.com/httpie/httpie/issues/480>, >>> basically, the certs I imported into debian aren't respected by httpie. So >>> I think I need to use --verify or --cert option of httpie. >>> >>> But when I use --verify no, I get a 301: >>> >>> [tblack-stretch]/home/tblack/pulpcerts/certs > http --verify no >>> https://pulp.biamp.com/pulp/api/v3/status >>> HTTP/1.1 301 Moved Permanently >>> Connection: keep-alive >>> Content-Length: 0 >>> Content-Type: text/html; charset=utf-8 >>> Date: Thu, 05 Nov 2020 00:07:19 GMT >>> Location: /pulp/api/v3/status/ >>> Server: nginx/1.14.2 >>> >>> and if I use --cert to point to the pulp-generated CA cert I copied over >>> from pulp, I get a different httpie error, I believe indicating I'm using >>> the wrong format cert: >>> >>> http: error: Error: [('PEM routines', 'get_name', 'no start line'), >>> ('SSL routines', 'SSL_CTX_use_PrivateKey_file', 'PEM lib')] >>> >>> Thanks for your help. >>> >>> On Wed, Nov 4, 2020 at 3:54 PM Tim Black <[email protected]> wrote: >>> >>>> I have installed a new pulp instance using pulp.pulp_installer 3.8.1 >>>> and the below ansible play, which mostly uses defaults. The containing >>>> playbook runs to completion with no errors, but I get the following error >>>> trying to access the api status endpoint with httpie: >>>> >>>> [tblack-stretch]cmm/ansible/projects/pulp > http >>>> https://pulp.biamp.com/pulp/api/v3/status >>>> <https://pulp.mydomain.com/pulp/api/v3/status> >>>> >>>> http: error: SSLError: HTTPSConnectionPool(host='pulp.biamp.com >>>> <http://pulp.mydomain.com>', port=443): Max retries exceeded with url: >>>> /pulp/api/v3/status (Caused by SSLError(SSLError("bad handshake: >>>> Error([('SSL routines', 'tls_process_server_certificate', 'certificate >>>> verify failed')],)",),)) while doing GET request to URL: >>>> https://pulp.biamp.com/pulp/api/v3/status >>>> <https://pulp.mydomain.com/pulp/api/v3/status> >>>> >>>> It says it failed to verify the certificate. I've read the docs about >>>> ssl configuration >>>> <https://docs.pulpproject.org/pulpcore/installation/instructions.html#ssl>, >>>> and I have copied both the pulp-generated self-signed root CA and >>>> webserver certs from `/etc/pulp/certs/` to the client (tblack-stretch) I'm >>>> running httpie from. There, I imported the certs by placing them in >>>> /usr/local/share/ca-certificates/extra and running >>>> update-ca-certificates, but still got the same error. >>>> >>>> Here is my play that invokes pulp.pulp_installer.pulp_all_services. >>>> Any help would be appreciated. Thanks. >>>> >>>> - name: Install Pulp >>>> hosts: pulp_cluster >>>> vars: >>>> # Pulp Installer Variables Documentation: >>>> https://pulp-installer.readthedocs.io/en/3.8.1/#variables >>>> pulp_install_plugins: >>>> # IMPORTANT! Compatibility Between Pulpcore and Pulp Plugins Must >>>> be Manually Confirmed/Specified! >>>> # >>>> https://pulp-installer.readthedocs.io/en/3.8.1/#note-on-plugin-version-compatibility-with-pulpcore >>>> # There is a tool that helps you find the compatible plugin >>>> versions. >>>> # https://github.com/fao89/pdc >>>> pulp-ansible: >>>> version: 0.5.0 >>>> pulp-container: >>>> version: 2.1.0 >>>> pulp-deb: >>>> version: 2.7.0 >>>> pulp-file: >>>> version: 1.3.0 >>>> pulp-python: >>>> version: 3.0.0b11 >>>> pulp_default_admin_password: "{{ pulp_admin_password }}" >>>> pulp_settings: >>>> secret_key: "{{ pulp_django_secret_key }}" >>>> content_origin: "https://{{ ansible_fqdn }}" >>>> pre_tasks: >>>> # The version string below is the highest of all those in roles' >>>> metadata: >>>> # "min_ansible_version". It needs to be kept manually up-to-date. >>>> - name: Verify Ansible meets min required version >>>> assert: >>>> that: "ansible_version.full is version_compare('2.8', '>=')" >>>> msg: > >>>> "You must update Ansible to at least 2.8 to use this version >>>> of Pulp 3 Installer." >>>> roles: >>>> - pulp.pulp_installer.pulp_all_services >>>> environment: >>>> DJANGO_SETTINGS_MODULE: pulpcore.app.settings >>>> >>>> _______________________________________________ >>> Pulp-list mailing list >>> [email protected] >>> https://www.redhat.com/mailman/listinfo/pulp-list >> >>
_______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
