What could be the problem with koji on CentOS 7?
I am installing Koji following the official and other manuals, and everything leads to one and the same error.
Below are two guides; I enter the same data (the only thing I change is replacing koji.example.com with my own domain, koji.x.com).
www.devops-blog.net/koji/koji-rpm-build-system-ins...
www.devops-blog.net/koji/koji-rpm-build-system-ins...
The error itself:
koji call getLoggedInUser
Error: [('asn1 encoding routines', 'ASN1_item_verify', 'unknown message digest algorithm'), ('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]
openssl req -config ssl.cnf -new -x509 -days 3650 -key private/koji_ca_cert.key -out koji_ca_cert.crt -extensions v3_ca
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [DE]:
State or Province Name (full name) [Bavaria]:
Locality Name (eg, city) [Munich]:
Organization Name (eg, company) [Foobar Ltd.]:
Organizational Unit Name (eg, section) []:
YOUR_KOJI_HOSTNAME []:koji.x.com
Email Address []:
SSL.kojiadmin
./certgen.sh kojiadmin
Generating RSA private key, 2048 bit long modulus
.....+++
.....+++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [DE]:
State or Province Name (full name) [Bavaria]:
Locality Name (eg, city) [Munich]:
Organization Name (eg, company) [Foobar Ltd.]:
Organizational Unit Name (eg, section) []:
kojiadmin []:kojiadmin
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from ssl2.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
    Serial Number: 1 (0x1)
    Validity
        Not Before: Dec 29 13:38:58 2014 GMT
        Not After: Dec 26 13:38:58 2024 GMT
    Subject:
        countryName = DE
        stateOrProvinceName = Bavaria
        organizationName = Foobar Ltd.
        commonName = kojiadmin
    X509v3 extensions:
        X509v3 Basic Constraints:
            CA:FALSE
        Netscape Comment:
            OpenSSL Generated Certificate
        X509v3 Subject Key Identifier:
            5D:42:
        X509v3 Authority Key Identifier:
            keyid:
            DirName:/C=DE/ST=Bavaria/L=Munich/O=Foobar Ltd./CN=koji.x.com
            serial:
Certificate is to be certified until Dec 26 13:38:58 2024 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
In the file /etc/koji-hub/hub.conf:
cat /etc/koji-hub/hub.conf
[hub]
## ConfigParser style config file, similar to ini files
## docs.python.org/library/configparser.html
##
## Note that multiline values can be set by indenting subsequent lines
## (which means you should not indent regular lines)
## Basic options ##
DBName = koji
DBUser = koji
DBHost = 127.0.0.1
#DBPass = example_password
KojiDir = /mnt/koji
## Kerberos authentication options ##
# AuthPrincipal = host/kojihub@EXAMPLE.COM
# AuthKeytab = /etc/koji.keytab
# ProxyPrincipals = koji/kojiweb@EXAMPLE.COM
## format string for host principals (%s = hostname)
# HostPrincipalFormat = compile/%s@EXAMPLE.COM
## end Kerberos auth configuration
## SSL client certificate auth configuration ##
#note: ssl auth may also require editing the httpd config (conf.d/kojihub.conf)
## the client username is the common name of the subject of their client certificate
DNUsernameComponent = CN
## separate multiple DNs with |
#ProxyDNs = /C=US/ST=Massachusetts/O=Example Org/OU=Example User/CN=example/emailAddress=example@example.com
ProxyDNs = /C=DE/ST=Bavaria/L=Munich/O=Foobar Ltd./CN=koji.x.com
## end SSL client certificate auth configuration
## Other options ##
LoginCreatesUser = On
KojiWebURL = kojiweb.example.com/koji
# The domain name that will be appended to Koji usernames
# when creating email notifications
#EmailDomain = example.com
# whether to send the task owner and package owner email or not on success. this still goes to watchers
NotifyOnSuccess = True
## Disables all notifications
# DisableNotifications = False
## Extended features
## Support Maven builds
# EnableMaven = False
## Support Windows builds
# EnableWin = False
## Koji hub plugins
## The path where plugins are found
# PluginPath = /usr/lib/koji-hub-plugins
## A space-separated list of plugins to load
# Plugins = echo
## If KojiDebug is on, the hub will be /very/ verbose and will report exception
## details to clients for anticipated errors (i.e. koji's own exceptions -
## subclasses of koji.GenericError).
# KojiDebug = On
## Determines how much detail about exceptions is reported to the client (via faults)
## Meaningful values:
## normal - a basic traceback (format_exception)
## extended - an extended traceback (format_exc_plus)
## anything else - no traceback, just the error message
## The extended traceback is intended for debugging only and should NOT be
## used in production, since it may contain sensitive information.
# KojiTraceback = normal
## These options are intended for planned outages
# ServerOffline = False
# OfflineMessage = temporary outage
# LockOut = False
## If ServerOffline is True, the server will always report a ServerOffline fault (with
## OfflineMessage as the fault string).
## If LockOut is True, the server will report a ServerOffline fault for all non-admin
## requests.