On Monday, January 16, 2012 7:15:13 AM, Jan Pazdziora wrote: > On Tue, Jan 10, 2012 at 02:13:40PM -0500, Scott Worthington wrote: >> On Tuesday, January 10, 2012 10:33:54 AM, Jan Pazdziora wrote: >> >> [...] >> >>> The error is >>> >>> [error] acl fail: user_role(org_admin); >>> system_feature(ftr_proxy_capable); org_channel_family(rhn-proxy); >>> child_channel_candidate(rhn-proxy) at >>> /usr/lib/perl5/vendor_perl/5.8.8/PXT/ApacheAuth.pm line 141. >>> >>> in /var/log/httpd/error_log. >>> >>> Mirek, can you investigate? >>> >>>> Since the Spacewalk Proxy successfully activated to Spacewalk, I >>>> assumed all was go. >>> >>> Yes, your Proxy should be good to go, you just won't be able to see it >>> on the WebUI. >>> >>>> Any idea where else I should look to find out why I am getting a >>>> permission error? >>> >>> It's a .pxt page, so under /var/log/httpd. >> >> Yes, just as you said, I found the errors the /var/log/httpd/error_log >> as: >> >> acl fail: user_role(org_admin); system_feature(ftr_proxy_capable); >> org_channel_family(rhn-prdidate(rhn-proxy) at >> /usr/share/perl5/vendor_perl/PXT/ApacheAuth.pm line 141 > > Could you please apply the following patch to > /etc/httpd/conf.d/zz-spacewalk-www.conf, restart httpd and see > if it fixes the problem for you? > > diff --git a/spacewalk/config/etc/httpd/conf.d/zz-spacewalk-www.conf > b/spacewalk/config/etc/httpd/conf.d/zz-spacewalk-www.conf > index cde64a3..33fcaeb 100644 > --- a/spacewalk/config/etc/httpd/conf.d/zz-spacewalk-www.conf > +++ b/spacewalk/config/etc/httpd/conf.d/zz-spacewalk-www.conf > @@ -161,7 +161,7 @@ PerlModule PXT::ApacheAuth > <Files proxy.pxt> > ForceType text/pxt > SetHandler perl-script > - require acl mixin RHN::Access::System user_role(org_admin); > system_feature(ftr_proxy_capable); org_channel_family(rhn-proxy); > child_channel_candidate(rhn-proxy) > + require acl mixin RHN::Access::System user_role(org_admin); > system_feature(ftr_proxy_capable) or system_is_proxy(); > org_channel_family(rhn-proxy) or system_is_proxy(); > child_channel_candidate(rhn-proxy) or system_is_proxy() > </Files> > > <Files activation.pxt> >
Jan, I applied the diff above (effectively replacing line 164) in my /etc/httpd/conf.d/zz-spacewalk-www.conf and then performed a 'service httpd restart'. I tried clicking on the "Proxy" link for the System that is a Spacewalk Proxy and received the following traceback via e-mail as well as a "500 Error - Internal Server Error", but this time only listing one item: "1. You've found an error in the site. Please report this error to your local administrator with details of how you received this message." The following exception occurred while executing this request: GET /network/systems/details/proxy.pxt?sid=1000010042 HTTP/1.1 (from browser) /network/systems/details/proxy.pxt (from Apache) Date: Mon Jan 16 09:36:20 2012 Headers: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-us,en;q=0.5 Connection: keep-alive Cookie: pxt-session-cookie=33165x905d9829f5f732eeada9d0bf770694ba Host: tpa-spacewalk-01.example.local Referer: https://tpa-spacewalk-01.example.local/rhn/systems/details/Overview.do?sid=1000010042 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 X-ClickOnceSupport: ( .NET CLR 3.5.30729; .NET4.0E) Form variables: sid => 1000010042 User Information: User alocaluser (id 2, org_id 1) Error notes: (none) Initial Request: Yes Error message: RHN::Exception: User '2' attempted to access proxy interface without permission. Sniglets::Servers /usr/share/perl5/vendor_perl/Sniglets/Servers.pm 150 RHN::Exception::throw PXT::Parser /usr/share/perl5/vendor_perl/PXT/Parser.pm 160 Sniglets::Servers::proxy_entitlement_form PXT::Parser /usr/share/perl5/vendor_perl/PXT/Parser.pm 72 PXT::Parser::expand_tag PXT::ApacheHandler /usr/share/perl5/vendor_perl/PXT/ApacheHandler.pm 500 PXT::Parser::expand_tags PXT::ApacheHandler /usr/share/perl5/vendor_perl/PXT/ApacheHandler.pm 103 PXT::ApacheHandler::pxt_parse_data PXT::ApacheHandler /usr/share/perl5/vendor_perl/PXT/ApacheHandler.pm 103 (eval) main -e 0 PXT::ApacheHandler::handler main -e 0 (eval) My account "alocaluser" is an Organizational Administrator. Thinking that the error may be tied to "Organizational Administrator" permission, I logged in with my user that is the "Satellite Administrator". I received the same e-mail traceback error as above. The /var/log/httpd/error_log contains: [Mon Jan 16 09:41:39 2012] [error] Execution of /var/www/html/network/systems/details/proxy.pxt failed at Mon Jan 16 09:41:39 2012: RHN::Exception: User '1' attempted to access proxy interface without permission.\n Sniglets::Servers /usr/share/perl5/vendor_perl/Sniglets/Servers.pm 150 RHN::Exception::throw\n PXT::Parser /usr/share/perl5/vendor_perl/PXT/Parser.pm 160 Sniglets::Servers::proxy_entitlement_form\n PXT::Parser /usr/share/perl5/vendor_perl/PXT/Parser.pm 72 PXT::Parser::expand_tag\n PXT::ApacheHandler /usr/share/perl5/vendor_perl/PXT/ApacheHandler.pm 500 PXT::Parser::expand_tags\n PXT::ApacheHandler /usr/share/perl5/vendor_perl/PXT/ApacheHandler.pm 103 PXT::ApacheHandler::pxt_parse_data\n PXT::ApacheHandler /usr/share/perl5/vendor_perl/PXT/ApacheHandler.pm 103 (eval)\n main -e 0 PXT::ApacheHandler::handler\n main -e 0 (eval) Hope this helps uncover the permissions problem. _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
