[Solved] OPSI product udpater

[aszykmat]

Hi,
I have a problem with product updater, what happens ?
I check rights in directory and everything is correct.

opsi-product-updater
Traceback:
line 1187 in '<module>' in file '/usr/bin/opsi-product-updater'
line 1180 in 'main' in file '/usr/bin/opsi-product-updater'
line 478 in 'processUpdates' in file '/usr/bin/opsi-product-updater'
line 970 in 'getDownloadablePackages' in file '/usr/bin/opsi-product-updater'
line 1090 in 'getDownloadablePackagesFromRepository' in file '/usr/bin/opsi-product-updater'
==>>> Failed to process url 'https://{server}:4447/repository': <urlopen error Tunnel connection failed: 403 Forbidden>
ERROR: Failed to process url 'https://{server}:4447/repository': <urlopen error Tunnel connection failed: 403 Forbidden>

[nicolaslebrun]

Does 'https://{server}:4447/repository' exist ?

I think your file /etc/opsi/opsi-product-updater.conf is not good...

Regards

[n.wenselowski]

Hi,

does it really say "https://{server}:4447/"?

Do you use a proxy?


Kind regards

Niko

[aszykmat]

I change in post the IP to {server}.
For example: 10.0.2.5 is {server}.

All depots are in one cloud network and Depots see each other.

For example:
I could do:
opsi-package-manager -i package.opsi -d all
That program connect and install product on 3 depots.

My opsi-product-updater.conf, last lines:

Code: Alles auswählen

[repository_master]
active = true
opsiDepotId = {server}
autoInstall = true
autoUpdate = true
autoSetup = false
; Inherit ProductProperty defaults from master repository
inheritProductProperties = false

Then I enter correct username and password in config file is the same error and when I enter wrong username and password that

Code: Alles auswählen

==>>> Opsi authentication error: Forbidden: Backend authentication error: Backend authentication error: PAM authentication failed for user 'wrong_username': ('Authentication failure', 7) (error on server)

I think is the problem with auth in page /repository

[n.wenselowski]

Hi,

do you use PAM for auth on your opsi server?
If so please make sure that the clients are able to auth themself on the configserver.


With kind regards

Niko

[aszykmat]

Hi,
I use authorization by domain but adminuser is authorization by system.
I don't understand why Primary Master Depot (PMD) could login to Second Master Depot (SMD) from opsi-package-manager but SMD couldn't login from opsi-product-updater.


Regards,
Mateusz.

[n.wenselowski]

Hi Mateusz,

I use authorization by domain but adminuser is authorization by system.

so there is PAM involved?

I don't understand why Primary Master Depot (PMD) could login to Second Master Depot (SMD) from opsi-package-manager but SMD couldn't login from opsi-product-updater.

Are the auth mechanism on PMD & SMD configured differently?


With kind regards

Niko

[aszykmat]

Auth in PMD and SMD is the same, adminuser is auth by system and other users is auth by kerberos.

I did an interesting test in SMD and I add lines with fake user and password in opsi-product-updater.conf and I received a log:
Traceback:
line 103 in 'processResult' in file '/usr/lib/python2.7/dist-packages/OPSI/Backend/JSONRPC.py'
==>>> Opsi authentication error: Forbidden: Backend authentication error: Backend authentication error: OpsiHostKey authentication failed for host 'SMD': wrong key (error on server)
Traceback:
line 1187 in '<module>' in file '/usr/bin/opsi-product-updater'
line 1180 in 'main' in file '/usr/bin/opsi-product-updater'
line 478 in 'processUpdates' in file '/usr/bin/opsi-product-updater'
line 970 in 'getDownloadablePackages' in file '/usr/bin/opsi-product-updater'
line 980 in 'getDownloadablePackagesFromRepository' in file '/usr/bin/opsi-product-updater'
line 447 in 'getDepotConnection' in file '/usr/bin/opsi-product-updater'
line 355 in '__init__' in file '/usr/lib/python2.7/dist-packages/OPSI/Backend/JSONRPC.py'
line 453 in 'connect' in file '/usr/lib/python2.7/dist-packages/OPSI/Backend/JSONRPC.py'
line 674 in '_jsonRPC' in file '/usr/lib/python2.7/dist-packages/OPSI/Backend/JSONRPC.py'
line 148 in 'execute' in file '/usr/lib/python2.7/dist-packages/OPSI/Backend/JSONRPC.py'
line 141 in 'waitForResult' in file '/usr/lib/python2.7/dist-packages/OPSI/Backend/Backend.py'
==>>> Opsi authentication error: Forbidden: Backend authentication error: Backend authentication error: OpsiHostKey authentication failed for host 'SMD': wrong key (error on server)


When I expecting answer, I installed third deploy server and I have the same problem.

Got repository local url 'file:///var/lib/opsi/repository' for depot 'PMD'
Traceback:
line 1007 in 'getDownloadablePackagesFromRepository' in file '/usr/bin/opsi-product-updater'
line 404 in 'open' in file '/usr/lib/python2.7/urllib2.py'
line 422 in '_open' in file '/usr/lib/python2.7/urllib2.py'
line 382 in '_call_chain' in file '/usr/lib/python2.7/urllib2.py'
line 1222 in 'https_open' in file '/usr/lib/python2.7/urllib2.py'
line 1184 in 'do_open' in file '/usr/lib/python2.7/urllib2.py'
==>>> <urlopen error Tunnel connection failed: 403 Forbidden>
Traceback:
line 1187 in '<module>' in file '/usr/bin/opsi-product-updater'
line 1180 in 'main' in file '/usr/bin/opsi-product-updater'
line 478 in 'processUpdates' in file '/usr/bin/opsi-product-updater'
line 970 in 'getDownloadablePackages' in file '/usr/bin/opsi-product-updater'
line 1090 in 'getDownloadablePackagesFromRepository' in file '/usr/bin/opsi-product-updater'
==>>> Failed to process url 'https://PMD:4447/repository': <urlopen error Tunnel connection failed: 403 Forbidden>
ERROR: Failed to process url 'https://PMD:4447/repository': <urlopen error Tunnel connection failed: 403 Forbidden>

Regards,
Mateusz.

[ueluekmen]

Hi,

are your depotservers registered? Or have you standalone opsi-Servers in the cloud?

How long is the FQDN from the depotserver? Perhaps you have a problem with length.

[aszykmat]

Two depot servers are registered in MasterDepot.
All depots are working in a network.

I think, this is no problem with the FQDN because I have access to depot server (FQDN, short name DNS) by web browser.

Regards.