forum.opsi.org

Hi,
I have a problem with product updater, what happens ?
I check rights in directory and everything is correct.

opsi-product-updater
Traceback:
line 1187 in '<module>' in file '/usr/bin/opsi-product-updater'
line 1180 in 'main' in file '/usr/bin/opsi-product-updater'
line 478 in 'processUpdates' in file '/usr/bin/opsi-product-updater'
line 970 in 'getDownloadablePackages' in file '/usr/bin/opsi-product-updater'
line 1090 in 'getDownloadablePackagesFromRepository' in file '/usr/bin/opsi-product-updater'
==>>> Failed to process url 'https://{server}:4447/repository': <urlopen error Tunnel connection failed: 403 Forbidden>
ERROR: Failed to process url 'https://{server}:4447/repository': <urlopen error Tunnel connection failed: 403 Forbidden>

Does 'https://{server}:4447/repository' exist ?

I think your file /etc/opsi/opsi-product-updater.conf is not good...

Regards

Hi,

does it really say "https://{server}:4447/"?

Do you use a proxy?


Kind regards

Niko

I change in post the IP to {server}.
For example: 10.0.2.5 is {server}.

All depots are in one cloud network and Depots see each other.

For example:
I could do:
opsi-package-manager -i package.opsi -d all
That program connect and install product on 3 depots.

My opsi-product-updater.conf, last lines: Then I enter correct username and password in config file is the same error and when I enter wrong username and password that I think is the problem with auth in page /repository

Hi,

do you use PAM for auth on your opsi server?
If so please make sure that the clients are able to auth themself on the configserver.


With kind regards

Niko

Hi,
I use authorization by domain but adminuser is authorization by system.
I don't understand why Primary Master Depot (PMD) could login to Second Master Depot (SMD) from opsi-package-manager but SMD couldn't login from opsi-product-updater.


Regards,
Mateusz.

Hi Mateusz,

aszykmat hat geschrieben:I use authorization by domain but adminuser is authorization by system.

so there is PAM involved?

aszykmat hat geschrieben:I don't understand why Primary Master Depot (PMD) could login to Second Master Depot (SMD) from opsi-package-manager but SMD couldn't login from opsi-product-updater.

Are the auth mechanism on PMD & SMD configured differently?


With kind regards

Niko

Auth in PMD and SMD is the same, adminuser is auth by system and other users is auth by kerberos.

I did an interesting test in SMD and I add lines with fake user and password in opsi-product-updater.conf and I received a log:
Traceback:
line 103 in 'processResult' in file '/usr/lib/python2.7/dist-packages/OPSI/Backend/JSONRPC.py'
==>>> Opsi authentication error: Forbidden: Backend authentication error: Backend authentication error: OpsiHostKey authentication failed for host 'SMD': wrong key (error on server)
Traceback:
line 1187 in '<module>' in file '/usr/bin/opsi-product-updater'
line 1180 in 'main' in file '/usr/bin/opsi-product-updater'
line 478 in 'processUpdates' in file '/usr/bin/opsi-product-updater'
line 970 in 'getDownloadablePackages' in file '/usr/bin/opsi-product-updater'
line 980 in 'getDownloadablePackagesFromRepository' in file '/usr/bin/opsi-product-updater'
line 447 in 'getDepotConnection' in file '/usr/bin/opsi-product-updater'
line 355 in '__init__' in file '/usr/lib/python2.7/dist-packages/OPSI/Backend/JSONRPC.py'
line 453 in 'connect' in file '/usr/lib/python2.7/dist-packages/OPSI/Backend/JSONRPC.py'
line 674 in '_jsonRPC' in file '/usr/lib/python2.7/dist-packages/OPSI/Backend/JSONRPC.py'
line 148 in 'execute' in file '/usr/lib/python2.7/dist-packages/OPSI/Backend/JSONRPC.py'
line 141 in 'waitForResult' in file '/usr/lib/python2.7/dist-packages/OPSI/Backend/Backend.py'
==>>> Opsi authentication error: Forbidden: Backend authentication error: Backend authentication error: OpsiHostKey authentication failed for host 'SMD': wrong key (error on server)


When I expecting answer, I installed third deploy server and I have the same problem.

Got repository local url 'file:///var/lib/opsi/repository' for depot 'PMD'
Traceback:
line 1007 in 'getDownloadablePackagesFromRepository' in file '/usr/bin/opsi-product-updater'
line 404 in 'open' in file '/usr/lib/python2.7/urllib2.py'
line 422 in '_open' in file '/usr/lib/python2.7/urllib2.py'
line 382 in '_call_chain' in file '/usr/lib/python2.7/urllib2.py'
line 1222 in 'https_open' in file '/usr/lib/python2.7/urllib2.py'
line 1184 in 'do_open' in file '/usr/lib/python2.7/urllib2.py'
==>>> <urlopen error Tunnel connection failed: 403 Forbidden>
Traceback:
line 1187 in '<module>' in file '/usr/bin/opsi-product-updater'
line 1180 in 'main' in file '/usr/bin/opsi-product-updater'
line 478 in 'processUpdates' in file '/usr/bin/opsi-product-updater'
line 970 in 'getDownloadablePackages' in file '/usr/bin/opsi-product-updater'
line 1090 in 'getDownloadablePackagesFromRepository' in file '/usr/bin/opsi-product-updater'
==>>> Failed to process url 'https://PMD:4447/repository': <urlopen error Tunnel connection failed: 403 Forbidden>
ERROR: Failed to process url 'https://PMD:4447/repository': <urlopen error Tunnel connection failed: 403 Forbidden>

Regards,
Mateusz.

Hi,

are your depotservers registered? Or have you standalone opsi-Servers in the cloud?

How long is the FQDN from the depotserver? Perhaps you have a problem with length.

Two depot servers are registered in MasterDepot.
All depots are working in a network.

I think, this is no problem with the FQDN because I have access to depot server (FQDN, short name DNS) by web browser.

Regards.