koji_upload": "Krb5Error(-1765328160, \'Configuration file does not specify default realm\')"
link to failing build : https://koji.stg.fedoraproject.org/koji/taskinfo?taskID=90001251
I have no idea if this is an error with the configuration of kerberos or the actual osbs setup. I tried to add the default_realm configuration (STG.FEDORAPROJECT.ORG) to the buildroot container and I had the following error : {"koji_upload": "Krb5Error(-1765328378, \'Client not found in Kerberos database\')"
{"koji_upload": "Krb5Error(-1765328378, \'Client not found in Kerberos database\')"
link to failing build : https://koji.stg.fedoraproject.org/koji/taskinfo?taskID=90001250
Any help with understanding what is wrong is appreciated :smile:
When do you need this? (YYYY/MM/DD) The sooner the better
When is this no longer needed or useful? (YYYY/MM/DD) n/a
You are missing this line for krb5.conf, which is required for staging koji: dns_canonicalize_hostname = false, under [libdefaults].
dns_canonicalize_hostname = false
[libdefaults]
I still got the Configuration file does not specify default realm\', bellow is the krb5.conf file
Configuration file does not specify default realm\'
# To opt out of the system crypto-policies configuration of krb5, remove the # symlink at /etc/krb5.conf.d/crypto-policies which will not be recreated. includedir /etc/krb5.conf.d/ [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] dns_canonicalize_hostname = false dns_lookup_realm = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true rdns = false # default_realm = EXAMPLE.COM default_ccache_name = DIR:/tmp/ccache_%{uid} [realms] # EXAMPLE.COM = { # kdc = kerberos.example.com # admin_server = kerberos.example.com # }
For some reason, the principal and keytab arguments aren't making it to the koji_upload plugin call: 2018-04-26 09:53:59,482 platform:x86_64 - atomic_reactor.plugins.orchestrate_build - INFO - 2018-04-26 09:53:58,878 platform:- - atomic_reactor.plugin - INFO - running plugin instance with args: '{u'kojihub': u'https://koji.stg.fedoraproject.org/kojihub', u'url': u'https://osbs.stg.fedoraproject.org/', u'blocksize': 10485760, u'koji_principal': False, u'koji_keytab': False, u'koji_upload_dir': u'koji-upload/1524736283.163636.IsGrlmCw', u'platform': u'x86_64', u'verify_ssl': False, u'use_auth': True, u'build_json_dir': u'/usr/share/osbs'}'
2018-04-26 09:53:59,482 platform:x86_64 - atomic_reactor.plugins.orchestrate_build - INFO - 2018-04-26 09:53:58,878 platform:- - atomic_reactor.plugin - INFO - running plugin instance with args: '{u'kojihub': u'https://koji.stg.fedoraproject.org/kojihub', u'url': u'https://osbs.stg.fedoraproject.org/', u'blocksize': 10485760, u'koji_principal': False, u'koji_keytab': False, u'koji_upload_dir': u'koji-upload/1524736283.163636.IsGrlmCw', u'platform': u'x86_64', u'verify_ssl': False, u'use_auth': True, u'build_json_dir': u'/usr/share/osbs'}'
Note that u'koji_principal': False and u'koji_keytab': False`, which would make it unable to authenticate to koji.
u'koji_principal': False
Yeah, one step further :), now I have 'Generic preauthentication failure'.
https://kojipkgs.stg.fedoraproject.org//work/tasks/1255/90001255/x86_64.log
2018-04-26 12:42:14,600 - atomic_reactor.plugin - INFO - running plugin instance with args: '{u'kojihub': u'https://koji.stg.fedoraproject.org/kojihub', u'url': u'https://osbs.stg.fedoraproject.org/', u'blocksize': 10485760, u'koji_principal': u'osbs/osbs.stg.fedoraproject.org@STG.FEDORAPROJECT.ORG', u'koji_keytab': u'FILE/etc/krb5.osbs_osbs.stg.fedoraproject.org.keytab', u'koji_upload_dir': u'koji-upload/1524746295.914084.JikGsUQc', u'platform': u'x86_64', u'verify_ssl': False, u'use_auth': True, u'build_json_dir': u'/usr/share/osbs'}' 2018-04-26 12:42:14,652 - atomic_reactor.util - WARNING - can't import module dockpulp: ImportError('No module named dockpulp',) 2018-04-26 12:42:15,109 - atomic_reactor.util - DEBUG - md5sum: 207d468290bf5459ccf335f81b6834fc 2018-04-26 12:42:15,109 - atomic_reactor.plugins.koji_upload - INFO - Schema v1 preferred, but not used 2018-04-26 12:42:15,599 - atomic_reactor.util - DEBUG - md5sum: 8c5adb4464731349d5adda094b87b96f 2018-04-26 12:42:15,600 - atomic_reactor.koji_util - INFO - Using Kerberos for Koji authentication 2018-04-26 12:42:15,701 - atomic_reactor.plugin - DEBUG - Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/atomic_reactor/plugin.py", line 238, in run plugin_response = plugin_instance.run() File "/usr/lib/python2.7/site-packages/atomic_reactor/plugins/post_koji_upload.py", line 535, in run session = self.login() File "/usr/lib/python2.7/site-packages/atomic_reactor/plugins/post_koji_upload.py", line 515, in login return create_koji_session(str(self.kojihub), auth_info) File "/usr/lib/python2.7/site-packages/atomic_reactor/koji_util.py", line 112, in create_koji_session koji_login(session, **auth_info) File "/usr/lib/python2.7/site-packages/atomic_reactor/koji_util.py", line 92, in koji_login result = session.krb_login(**kwargs) File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 2158, in krb_login ccache.init_creds_keytab(principal=cprinc, keytab=keytab) Krb5Error: (-1765328174, 'Generic preauthentication failure')
Ok i am missing a : in the keytab path FILE/etc/krb5.osbs_osbs.stg.fedoraproject.org.keytab
:
FILE/etc/krb5.osbs_osbs.stg.fedoraproject.org.keytab
Metadata Update from @cverna: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
@puiterwijk thanks for helping
Login to comment on this ticket.