Устанавливаю Koji по офф. и другим мануалам, все приводит к одной и той-же ошибке.
Ниже две инструкции, ввожу те же данные (единственное, что меняю - koji.example.com на свой домен koji.x.com).
www.devops-blog.net/koji/koji-rpm-build-system-ins...
www.devops-blog.net/koji/koji-rpm-build-system-ins...
Ошибка же:
koji call getLoggedInUser
Error: [('asn1 encoding routines', 'ASN1_item_verify', 'unknown message digest algorithm'), ('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]
openssl req -config ssl.cnf -new -x509 -days 3650 -key private/koji_ca_cert.key -out koji_ca_cert.crt -extensions v3_ca
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [DE]:
State or Province Name (full name) [Bavaria]:
Locality Name (eg, city) [Munich]:
Organization Name (eg, company) [Foobar Ltd.]:
Organizational Unit Name (eg, section) []:
YOUR_KOJI_HOSTNAME []:koji.x.com
Email Address []:
SSL.kojiadmin
./certgen.sh kojiadmin
Generating RSA private key, 2048 bit long modulus
.....+++
.....+++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [DE]:
State or Province Name (full name) [Bavaria]:
Locality Name (eg, city) [Munich]:
Organization Name (eg, company) [Foobar Ltd.]:
Organizational Unit Name (eg, section) []:
kojiadmin []:kojiadmin
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from ssl2.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Dec 29 13:38:58 2014 GMT
Not After : Dec 26 13:38:58 2024 GMT
Subject:
countryName = DE
stateOrProvinceName = Bavaria
organizationName = Foobar Ltd.
commonName = kojiadmin
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
5D:42:
X509v3 Authority Key Identifier:
keyid:
DirName:/C=DE/ST=Bavaria/L=Munich/O=Foobar Ltd./CN=koji.x.com
serial:
Certificate is to be certified until Dec 26 13:38:58 2024 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
В файле /etc/koji-hub/hub.conf
cat /etc/koji-hub/hub.conf
[hub]
## ConfigParser style config file, similar to ini files
## http://docs.python.org/library/configparser.html
##
## Note that multiline values can be set by indenting subsequent lines
## (which means you should not indent regular lines)
## Basic options ##
DBName = koji
DBUser = koji
DBHost = 127.0.0.1
#DBPass = example_password
KojiDir = /mnt/koji
## Kerberos authentication options ##
# AuthPrincipal = host/kojihub@EXAMPLE.COM
# AuthKeytab = /etc/koji.keytab
# ProxyPrincipals = koji/kojiweb@EXAMPLE.COM
## format string for host principals (%s = hostname)
# HostPrincipalFormat = compile/%s@EXAMPLE.COM
## end Kerberos auth configuration
## SSL client certificate auth configuration ##
#note: ssl auth may also require editing the httpd config (conf.d/kojihub.conf)
## the client username is the common name of the subject of their client certificate
DNUsernameComponent = CN
## separate multiple DNs with |
#ProxyDNs = /C=US/ST=Massachusetts/O=Example Org/OU=Example User/CN=example/emailAddress=example@example.com
ProxyDNs = /C=DE/ST=Bavaria/L=Munich/O=Foobar Ltd./CN=koji.x.com
## end SSL client certificate auth configuration
## Other options ##
LoginCreatesUser = On
KojiWebURL = http://kojiweb.example.com/koji
# The domain name that will be appended to Koji usernames
# when creating email notifications
#EmailDomain = example.com
# whether to send the task owner and package owner email or not on success. this still goes to watchers
NotifyOnSuccess = True
## Disables all notifications
# DisableNotifications = False
## Extended features
## Support Maven builds
# EnableMaven = False
## Support Windows builds
# EnableWin = False
## Koji hub plugins
## The path where plugins are found
# PluginPath = /usr/lib/koji-hub-plugins
## A space-separated list of plugins to load
# Plugins = echo
## If KojiDebug is on, the hub will be /very/ verbose and will report exception
## details to clients for anticipated errors (i.e. koji's own exceptions --
## subclasses of koji.GenericError).
# KojiDebug = On
## Determines how much detail about exceptions is reported to the client (via faults)
## Meaningful values:
## normal - a basic traceback (format_exception)
## extended - an extended traceback (format_exc_plus)
## anything else - no traceback, just the error message
## The extended traceback is intended for debugging only and should NOT be
## used in production, since it may contain sensitive information.
# KojiTraceback = normal
## These options are intended for planned outages
# ServerOffline = False
# OfflineMessage = temporary outage
# LockOut = False
## If ServerOffline is True, the server will always report a ServerOffline fault (with
## OfflineMessage as the fault string).
## If LockOut is True, the server will report a ServerOffline fault for all non-admin
## requests.
Средний
Простой
