[Solved] OPSI product updater

aszykmat
Posts: 27
Joined: 26 Nov 2015, 14:14

Post by aszykmat »

Hi,
I have a problem with the product updater. What is happening?
I checked the rights on the directory and everything is correct.

opsi-product-updater
Traceback:
line 1187 in '<module>' in file '/usr/bin/opsi-product-updater'
line 1180 in 'main' in file '/usr/bin/opsi-product-updater'
line 478 in 'processUpdates' in file '/usr/bin/opsi-product-updater'
line 970 in 'getDownloadablePackages' in file '/usr/bin/opsi-product-updater'
line 1090 in 'getDownloadablePackagesFromRepository' in file '/usr/bin/opsi-product-updater'
==>>> Failed to process url 'https://{server}:4447/repository': <urlopen error Tunnel connection failed: 403 Forbidden>
ERROR: Failed to process url 'https://{server}:4447/repository': <urlopen error Tunnel connection failed: 403 Forbidden>
Last edited by aszykmat on 14 Jan 2016, 13:12, edited 1 time in total.
nicolaslebrun
Posts: 112
Joined: 18 Apr 2011, 11:43

Re: OPSI product updater

Post by nicolaslebrun »

Does 'https://{server}:4447/repository' exist?

I think your file /etc/opsi/opsi-product-updater.conf is not good...

Regards
n.wenselowski
Ex-uib-Team
Posts: 3194
Joined: 04 Apr 2013, 12:15

Re: OPSI product updater

Post by n.wenselowski »

Hi,

does it really say "https://{server}:4447/"?

Do you use a proxy?


Kind regards

Niko

Code:

import OPSI
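
What the proxy question above is probing, as an added example that is not part of the original posts and not opsi code: Python's HTTP client raises "Tunnel connection failed: 403 Forbidden" when a proxy refuses the CONNECT request for an https URL, so the first check is whether the environment of the process routes the repository URL through a proxy. It is written for Python 3 (the tracebacks in the thread are Python 2.7); the proxy URL and the sample environments are constructed, and 10.0.2.5 is the example address given in the thread.

```python
import os
import urllib.request
from unittest import mock
from urllib.parse import urlsplit

# Example address from the thread; proxy URL and environments are constructed.
REPOSITORY_URL = "https://10.0.2.5:4447/repository"
PROXY = "http://proxy.example:3128"
SAMPLE_ENVIRONMENTS = {
    "no proxy variables": {},
    "proxy, no exclusions": {"https_proxy": PROXY},
    "proxy, host in no_proxy": {"https_proxy": PROXY, "no_proxy": "localhost,10.0.2.5"},
    "proxy, CIDR in no_proxy": {"https_proxy": PROXY, "no_proxy": "10.0.0.0/8"},
}


def proxy_decision(url, environ):
    """Return (proxy or None, reason) for url under the given environment.

    The standard library parses the variables, so the result matches what a
    urllib-based client started with the same environment would do.
    """
    parts = urlsplit(url)
    host = parts.hostname
    if parts.port is not None:
        host = "%s:%d" % (host, parts.port)
    with mock.patch.dict(os.environ, environ, clear=True):
        proxies = urllib.request.getproxies_environment()
        bypass = urllib.request.proxy_bypass_environment(host, proxies)
    proxy = proxies.get(parts.scheme)
    if proxy is None:
        return None, "no %s_proxy set, direct connection" % parts.scheme
    if bypass:
        return None, "host matches no_proxy, direct connection"
    # An https URL behind a proxy is reached with CONNECT host:port; a proxy
    # that refuses it produces "Tunnel connection failed: <status>".
    return proxy, "CONNECT %s goes to %s" % (host, proxy)


if __name__ == "__main__":
    for label, env in SAMPLE_ENVIRONMENTS.items():
        print("%-26s -> %s" % (label, proxy_decision(REPOSITORY_URL, env)[1]))
```

The last sample shows that urllib does not interpret CIDR ranges in no_proxy, so a depot has to be listed there by name or by exact address to be reached directly.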
aszykmat
Posts: 27
Joined: 26 Nov 2015, 14:14

Re: OPSI product updater

Post by aszykmat »

I changed the IP to {server} in the post.
For example: 10.0.2.5 is {server}.

All depots are in one cloud network and the depots can see each other.

For example:
I could do:
opsi-package-manager -i package.opsi -d all
That program connects and installs the product on 3 depots.

My opsi-product-updater.conf, last lines:

Code:

[repository_master]
active = true
opsiDepotId = {server}
autoInstall = true
autoUpdate = true
autoSetup = false
; Inherit ProductProperty defaults from master repository
inheritProductProperties = false
When I enter the correct username and password in the config file, I get the same error, and when I enter a wrong username and password, I get this:

Code:

==>>> Opsi authentication error: Forbidden: Backend authentication error: Backend authentication error: PAM authentication failed for user 'wrong_username': ('Authentication failure', 7) (error on server)
I think the problem is with auth on the /repository page.
n.wenselowski
Ex-uib-Team
Posts: 3194
Joined: 04 Apr 2013, 12:15

Re: OPSI product updater

Post by n.wenselowski »

Hi,

do you use PAM for auth on your opsi server?
If so, please make sure that the clients are able to authenticate themselves on the configserver.


With kind regards

Niko

Code:

import OPSI
aszykmat
Posts: 27
Joined: 26 Nov 2015, 14:14

Re: OPSI product updater

Post by aszykmat »

Hi,
I use authorization by domain but adminuser is authorized by the system.
I don't understand why Primary Master Depot (PMD) could log in to Second Master Depot (SMD) from opsi-package-manager but SMD couldn't log in from opsi-product-updater.


Regards,
Mateusz.
n.wenselowski
Ex-uib-Team
Posts: 3194
Joined: 04 Apr 2013, 12:15

Re: OPSI product updater

Post by n.wenselowski »

Hi Mateusz,
aszykmat wrote: I use authorization by domain but adminuser is authorized by the system.
so there is PAM involved?
aszykmat wrote: I don't understand why Primary Master Depot (PMD) could log in to Second Master Depot (SMD) from opsi-package-manager but SMD couldn't log in from opsi-product-updater.
Are the auth mechanisms on PMD & SMD configured differently?


With kind regards

Niko

Code:

import OPSI
aszykmat
Posts: 27
Joined: 26 Nov 2015, 14:14

Re: OPSI product updater

Post by aszykmat »

Auth on PMD and SMD is the same: adminuser is authenticated by the system and other users are authenticated by Kerberos.

I did an interesting test on SMD: I added lines with a fake user and password to opsi-product-updater.conf and received this log:
Traceback:
line 103 in 'processResult' in file '/usr/lib/python2.7/dist-packages/OPSI/Backend/JSONRPC.py'
==>>> Opsi authentication error: Forbidden: Backend authentication error: Backend authentication error: OpsiHostKey authentication failed for host 'SMD': wrong key (error on server)
Traceback:
line 1187 in '<module>' in file '/usr/bin/opsi-product-updater'
line 1180 in 'main' in file '/usr/bin/opsi-product-updater'
line 478 in 'processUpdates' in file '/usr/bin/opsi-product-updater'
line 970 in 'getDownloadablePackages' in file '/usr/bin/opsi-product-updater'
line 980 in 'getDownloadablePackagesFromRepository' in file '/usr/bin/opsi-product-updater'
line 447 in 'getDepotConnection' in file '/usr/bin/opsi-product-updater'
line 355 in '__init__' in file '/usr/lib/python2.7/dist-packages/OPSI/Backend/JSONRPC.py'
line 453 in 'connect' in file '/usr/lib/python2.7/dist-packages/OPSI/Backend/JSONRPC.py'
line 674 in '_jsonRPC' in file '/usr/lib/python2.7/dist-packages/OPSI/Backend/JSONRPC.py'
line 148 in 'execute' in file '/usr/lib/python2.7/dist-packages/OPSI/Backend/JSONRPC.py'
line 141 in 'waitForResult' in file '/usr/lib/python2.7/dist-packages/OPSI/Backend/Backend.py'
==>>> Opsi authentication error: Forbidden: Backend authentication error: Backend authentication error: OpsiHostKey authentication failed for host 'SMD': wrong key (error on server)


While I was waiting for an answer, I installed a third deploy server and I have the same problem.

Got repository local url 'file:///var/lib/opsi/repository' for depot 'PMD'
Traceback:
line 1007 in 'getDownloadablePackagesFromRepository' in file '/usr/bin/opsi-product-updater'
line 404 in 'open' in file '/usr/lib/python2.7/urllib2.py'
line 422 in '_open' in file '/usr/lib/python2.7/urllib2.py'
line 382 in '_call_chain' in file '/usr/lib/python2.7/urllib2.py'
line 1222 in 'https_open' in file '/usr/lib/python2.7/urllib2.py'
line 1184 in 'do_open' in file '/usr/lib/python2.7/urllib2.py'
==>>> <urlopen error Tunnel connection failed: 403 Forbidden>
Traceback:
line 1187 in '<module>' in file '/usr/bin/opsi-product-updater'
line 1180 in 'main' in file '/usr/bin/opsi-product-updater'
line 478 in 'processUpdates' in file '/usr/bin/opsi-product-updater'
line 970 in 'getDownloadablePackages' in file '/usr/bin/opsi-product-updater'
line 1090 in 'getDownloadablePackagesFromRepository' in file '/usr/bin/opsi-product-updater'
==>>> Failed to process url 'https://PMD:4447/repository': <urlopen error Tunnel connection failed: 403 Forbidden>
ERROR: Failed to process url 'https://PMD:4447/repository': <urlopen error Tunnel connection failed: 403 Forbidden>

Regards,
Mateusz.
ueluekmen
uib-Team
Posts: 1940
Joined: 28 May 2008, 10:53

Re: OPSI product updater

Post by ueluekmen »

Hi,

are your depot servers registered? Or do you have standalone opsi servers in the cloud?

How long is the FQDN of the depot server? Perhaps you have a problem with its length.


Thank you for using opsi. Our support in the forum is limited.

For professional use and individual consulting we recommend a support contract and a training course.
We will be glad to inform you about our offering.

uib GmbH
Phone: +49 6131 27561 0
E-mail: sales@uib.de


aszykmat
Posts: 27
Joined: 26 Nov 2015, 14:14

Re: OPSI product updater

Post by aszykmat »

Two depot servers are registered in MasterDepot.
All depots are working in a network.

I think this is not a problem with the FQDN, because I have access to the depot server (FQDN, short DNS name) via web browser.

Regards.