I can not create a repository in pulp 3

Problem:
[root@imip-p-euw-pulp-01 /]# pulp rpm repository create --name demo_rep
Error: {“detail”:“Authentication credentials were not provided.”}
[root@imip-p-euw-pulp-01 /]#
Expected outcome:

Pulpcore version:
3.2.9
Pulp plugins installed and their versions:
rpm
Operating system - distribution and version:
RHEL 8.2
Other relevant data:
Hello Folks,
As you could see above, I’m not able to create a new repository after installed pulp 3
I have already tried the username and password within /etc/pulp/settings.py file however unsuccessfully.
Could you please help me, I really appreciate your help and time
[root@imip-p-euw-pulp-01 pulp]# cat /root/.config/pulp/cli.toml
[cli]
base_url = “https://imip-p-euw-pulp-01.itility.cc
username = “”
password = “”
cert = “”
key = “”
verify_ssl = false
format = “json”
dry_run = false
timeout = 0
verbose = 0

Hi Fabiano,

Can you check to see if Pulp is running and available using the CLI command: pulp status. This command doesn’t require authentication and should respond with a list of plugins installed, workers online, and storage available.

If the status command succeeded, then you just need to add the admin username and password to the CLI config file. Use the command pulp config edit to change the config settings.

If this command fails it could mean either

  1. Your base_url is wrong
  2. Your reverse proxy connected to Pulp isn’t running or is misconfigured
  3. Your Pulp instance isn’t running.

Hello,
As you can see its works and put I new settings using the command line pulp config edit but I’m still getting the same error

[root@imip-p-euw-pulp-01 pulp]# pulp status
{
“versions”: [
{
“component”: “core”,
“version”: “3.16.0”
},
{
“component”: “rpm”,
“version”: “3.16.1”
},
{
“component”: “file”,
“version”: “1.10.1”
}
],
“online_workers”: [
{
“pulp_created”: “2021-11-19T14:12:19.094624Z”,
“pulp_href”: “/pulp/api/v3/workers/1694917a-4e55-484f-929f-adaa34821d30/”,
“name”: “1409@imip-p-euw-pulp-01.itility.cc”,
“last_heartbeat”: “2021-11-21T16:43:55.799460Z”
},
{
“pulp_created”: “2021-11-19T14:12:19.093014Z”,
“pulp_href”: “/pulp/api/v3/workers/b9add920-4b54-4f1d-a25e-f03d6feca168/”,
“name”: “1414@imip-p-euw-pulp-01.itility.cc”,
“last_heartbeat”: “2021-11-21T16:43:55.801038Z”
}
],
“online_content_apps”: [
{
“name”: “1687@imip-p-euw-pulp-01”,
“last_heartbeat”: “2021-11-21T16:43:59.420960Z”
},
{
“name”: “1701@imip-p-euw-pulp-01”,
“last_heartbeat”: “2021-11-21T16:43:59.422167Z”
},
{
“name”: “1710@imip-p-euw-pulp-01”,
“last_heartbeat”: “2021-11-21T16:43:59.423002Z”
},
{
“name”: “1703@imip-p-euw-pulp-01”,
“last_heartbeat”: “2021-11-21T16:43:59.448973Z”
},
{
“name”: “1702@imip-p-euw-pulp-01”,
“last_heartbeat”: “2021-11-21T16:43:59.450145Z”
},
{
“name”: “1700@imip-p-euw-pulp-01”,
“last_heartbeat”: “2021-11-21T16:43:59.450445Z”
},
{
“name”: “1689@imip-p-euw-pulp-01”,
“last_heartbeat”: “2021-11-21T16:43:59.455094Z”
},
{
“name”: “1699@imip-p-euw-pulp-01”,
“last_heartbeat”: “2021-11-21T16:43:59.462171Z”
}
],
“database_connection”: {
“connected”: true
},
“redis_connection”: {
“connected”: true
},
“storage”: {
“total”: 284286857216,
“used”: 118677504,
“free”: 269655887872
}
}

[root@imip-p-euw-pulp-01 pulp]#

Can you please let me know how can I check these settings you told me?

  1. Your base_url is wrong
  • Should be here, right? cat /root/.config/pulp/cli.toml
  1. Your reverse proxy connected to Pulp isn’t running or is misconfigured
  2. Your Pulp instance isn’t running.

Did you sudo install the CLI? For the CLI it checks for a config file in three locations in this order:

  1. /etc/pulp/cli.toml
  2. ~/.config/pulp/settings.toml
  3. ~/.config/pulp/cli.toml

Note, if multiple of these files are present, then it’ll perform a merge of the settings with the last file being the ultimate setting. So if the CLI has been installed at root, then yes /root/.config/pulp/cli.toml would be the file that the CLI is getting its settings from.

If pulp status runs then the base_url is not wrong. If you are still getting Error: {"detail":"Authentication credentials were not provided."} even with your username and password entered properly in the settings then it is probably your reverse proxy not passing the authentication headers to Pulp. Run systemctl status nginx (or apache if that is the reverse proxy you are using) to make sure it is running and no errors appear. Then can you paste the contents of the nginx/apache conf file here. The status command should show where the conf file was loaded from, usually /etc/nginx/nginx.conf.

1 Like

@mikedep333 @x9c4 I’m wondering if this issue might be related to installations behind a proxy

Hey @Fabiano_Prospero
Did you make any progress with this?

Hello @mcorr
We didn’t yet, is there something more I can do it?

Just to see where you are @Fabiano_Prospero did you follow the troubleshooting tips outlined by @gerrod?
If so, can you tell us what happened at this point?

Hello, follow the file as required
[root@imip-p-euw-pulp-01 ~]# cat /etc/nginx/nginx.conf

TODO: Maybe serve multiple locations, not just one.

The “nginx” package on fedora creates this user and group.

user nginx nginx;

Gunicorn docs suggest this value.

worker_processes 1;
events {
worker_connections 1024; # increase if you have lots of clients
accept_mutex off; # set to ‘on’ if nginx worker_processes > 1
}

http {
include mime.types;
# fallback in case we can’t determine a type
default_type application/octet-stream;
sendfile on;

# If left at the default of 1024, nginx emits a warning about being unable
# to build optimal hash types.
types_hash_max_size 4096;

upstream pulp-content {
    server 127.0.0.1:24816;
}

upstream pulp-api {
    server 127.0.0.1:24817;
}

server {
    # Gunicorn docs suggest the use of the "deferred" directive on Linux.
    listen 443 default_server deferred ssl;

    ssl_certificate /etc/pulp/certs/pulp_webserver.crt;
    ssl_certificate_key /etc/pulp/certs/pulp_webserver.key;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # intermediate configuration
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;

    server_name $hostname;

    # The default client_max_body_size is 1m. Clients uploading
    # files larger than this will need to chunk said files.
    client_max_body_size 1m;

    # Gunicorn docs suggest this value.
    keepalive_timeout 5;

    # static files that can change dynamically, or are needed for TLS
    # purposes are served through the webserver.
    root /var/lib/pulp/pulpcore_static;

    location /pulp/content/ {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        # we don't want nginx trying to do something clever with
        # redirects, we set the Host: header above already.
        proxy_redirect off;
        proxy_pass http://pulp-content;
    }

    location /pulp/api/v3/ {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        # we don't want nginx trying to do something clever with
        # redirects, we set the Host: header above already.
        proxy_redirect off;
        proxy_pass http://pulp-api;
    }

    location /auth/login/ {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        # we don't want nginx trying to do something clever with
        # redirects, we set the Host: header above already.
        proxy_redirect off;
        proxy_pass http://pulp-api;
    }

    include pulp/*.conf;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        # we don't want nginx trying to do something clever with
        # redirects, we set the Host: header above already.
        proxy_redirect off;
        proxy_pass http://pulp-api;
        # most pulp static files are served through whitenoise
        # http://whitenoise.evans.io/en/stable/
    }

    # ACME http-01 tokens, i.e, for Let's Encrypt
    location /.well-known/ {
        try_files $uri $uri/ =404;
    }

}

server {
    listen 80 default_server;
            server_name _;
    return 301 https://$host$request_uri;
}

}

Looks like you are using the default nginx.conf we generate, so that proxy isn’t an issue.

I noticed you are running the commands as sudo. Maybe the root home dir isn’t being used? Especially if you ran a sudo command that causes your root session to still use your non-root home dir.
Run:
$ env

1 Like

Hello Mike,
Indeed I’m not connect on server via root user (I connected on server using my user name and type sudo -i command line to be root).

Follow the information u asked
[root@imip-p-euw-pulp-01 ~]# env
LS_COLORS=rs=0:di=38;5;33:ln=38;5;51:mh=00:pi=40;38;5;11:so=38;5;13:do=38;5;5:bd=48;5;232;38;5;11:cd=48;5;232;38;5;3:or=48;5;232;38;5;9:mi=01;05;37;41:su=48;5;196;38;5;15:sg=48;5;11;38;5;16:ca=48;5;196;38;5;226:tw=48;5;10;38;5;16:ow=48;5;10;38;5;21:st=48;5;21;38;5;15:ex=38;5;40:.tar=38;5;9:.tgz=38;5;9:.arc=38;5;9:.arj=38;5;9:.taz=38;5;9:.lha=38;5;9:.lz4=38;5;9:.lzh=38;5;9:.lzma=38;5;9:.tlz=38;5;9:.txz=38;5;9:.tzo=38;5;9:.t7z=38;5;9:.zip=38;5;9:.z=38;5;9:.dz=38;5;9:.gz=38;5;9:.lrz=38;5;9:.lz=38;5;9:.lzo=38;5;9:.xz=38;5;9:.zst=38;5;9:.tzst=38;5;9:.bz2=38;5;9:.bz=38;5;9:.tbz=38;5;9:.tbz2=38;5;9:.tz=38;5;9:.deb=38;5;9:.rpm=38;5;9:.jar=38;5;9:.war=38;5;9:.ear=38;5;9:.sar=38;5;9:.rar=38;5;9:.alz=38;5;9:.ace=38;5;9:.zoo=38;5;9:.cpio=38;5;9:.7z=38;5;9:.rz=38;5;9:.cab=38;5;9:.wim=38;5;9:.swm=38;5;9:.dwm=38;5;9:.esd=38;5;9:.jpg=38;5;13:.jpeg=38;5;13:.mjpg=38;5;13:.mjpeg=38;5;13:.gif=38;5;13:.bmp=38;5;13:.pbm=38;5;13:.pgm=38;5;13:.ppm=38;5;13:.tga=38;5;13:.xbm=38;5;13:.xpm=38;5;13:.tif=38;5;13:.tiff=38;5;13:.png=38;5;13:.svg=38;5;13:.svgz=38;5;13:.mng=38;5;13:.pcx=38;5;13:.mov=38;5;13:.mpg=38;5;13:.mpeg=38;5;13:.m2v=38;5;13:.mkv=38;5;13:.webm=38;5;13:.ogm=38;5;13:.mp4=38;5;13:.m4v=38;5;13:.mp4v=38;5;13:.vob=38;5;13:.qt=38;5;13:.nuv=38;5;13:.wmv=38;5;13:.asf=38;5;13:.rm=38;5;13:.rmvb=38;5;13:.flc=38;5;13:.avi=38;5;13:.fli=38;5;13:.flv=38;5;13:.gl=38;5;13:.dl=38;5;13:.xcf=38;5;13:.xwd=38;5;13:.yuv=38;5;13:.cgm=38;5;13:.emf=38;5;13:.ogv=38;5;13:.ogx=38;5;13:.aac=38;5;45:.au=38;5;45:.flac=38;5;45:.m4a=38;5;45:.mid=38;5;45:.midi=38;5;45:.mka=38;5;45:.mp3=38;5;45:.mpc=38;5;45:.ogg=38;5;45:.ra=38;5;45:.wav=38;5;45:.oga=38;5;45:.opus=38;5;45:.spx=38;5;45:*.xspf=38;5;45:
LANG=C.UTF-8
HISTCONTROL=ignoredups
SUDO_GID=1000234
HOSTNAME=imip-p-euw-pulp-01
VIRTUALENV_USE_DISTRIBUTE=true
WORKON_HOME=/usr/local/lib/pulp//bin/python3/…
PIP_RESPECT_VIRTUALENV=true
SUDO_COMMAND=/bin/bash
USER=root
PWD=/root
HOME=/root
SUDO_USER=f.prospero
PGDATA=/var/lib/pgsql/data
SUDO_UID=1000234
VIRTUALENVWRAPPER_PYTHON=/usr/local/lib/pulp/bin/python3
MAIL=/var/spool/mail/root
SHELL=/bin/bash
TERM=xterm-256color
PIP_VIRTUALENV_BASE=/usr/local/lib/pulp//bin/python3/…
SHLVL=1
MANPATH=:/opt/puppetlabs/puppet/share/man
LOGNAME=root
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/bin:/opt/puppetlabs/bin:/root/bin
HISTSIZE=1000
LESSOPEN=||/usr/bin/lesspipe.sh %s
_=/bin/env
[root@imip-p-euw-pulp-01 ~]#

One more thing:

What variables did you use with pulp_installer? (No need for passwords/secrets).

1 Like

I followd this procedure below as root user

https://docs.pulpproject.org/pulp_cli/installation/

I mean, how did you install the pulp server? Did you use the Pulp 3 Ansible Installer? (“pulp_installer”) And if so, what variables?

1 Like

Hello Mike,
I have done the instalation via ansible following the pulp install doc.