lava-tool auth token - lava-users - op-lists.linaro.org

14 Sep 2017

      Hi  experts,
It's error when I auth token with the lava-too, because my I deploy the lava 2017.7 with SSL Self-signed certificate.  Now I can use the  XML-RPC to  auth the token with " ssl._create_unverified_context ".  How can I do ?  I  want use the lava-tool .
import ssl
ssl._create_default_https_context = ssl._create_unverified_context
import xmlrpclib
username = "lavaadmin"
token = "onku07n16r2uktjz40otgn0n9m7q1bp1b75dr4u0ph0juy7jnb8csi0u9x7fg3sf1mpgnxw00sq1otmzl3rqpdu4tl5fam45m5xyt25oin020ohkajzrx7ze0aaukkdt"
hostname = "autotest001"
protocol = "https"  # http or preferably https
server = xmlrpclib.ServerProxy("%s://%s:%s@%s/RPC2" % (protocol, username, token, hostname))
device_hostname = "qemu_test01"
jinjia_string = " {% extends 'qemu.jinja2' %} {% set mac_addr = '52:54:00:12:34:60' %} {% set memory = '1024' %} "
...
lava-tool auth-add --token-file /home/lavaadmin/xuhy/qemu_test_token  https://1680141@10.5.21.5/RPC2
ERROR: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate
verify failed (_ssl.c:661)>
Best Regards
XuHongyu
-----Original Message-----
From: Xu, Hongyu
Sent: 2017年9月12日 14:47
To: 'Neil Williams' neil.williams@linaro.org
Cc: Lava-users@lists.linaro.org
Subject: RE: [Lava-users] auth token
We deploy the lava on the Internal lan, an the domain names is private . But  let's Encrypt  can only issue certificates for valid public domain names.  Are there any other Suggestions?
Best Regards
XuHongyu
-----Original Message-----
From: Neil Williams [mailto:neil.williams@linaro.org]
Sent: 2017年9月11日 15:35
To: Xu, Hongyu hongyu.xu@hxt-semitech.com
Cc: Lava-users@lists.linaro.org
Subject: Re: [Lava-users] auth token
On 11 September 2017 at 08:28, Xu, Hongyu hongyu.xu@hxt-semitech.com wrote:
...
Hi  lava experts:
I deploy the lava 2017.7 with SSL Self-signed certificate,  then I
want to create the device-dictionary for the qemu devices, it’s error
when I add auth_token.  Please give me some suggest!
That needs to be fixed within your own SSL configuration. Lots of security packages have issues with self-signed certificates, so it is better to look at solutions like letsencrypt. Details of how this is configured are outside the scope of the lava-users mailing list, it's a general system admin task and a variety of guides are available online.
...
lava-tool auth-add --token-file /home/lavaadmin/xuhy/qemu_test_token
--user-shortcut 1680141 --endpoint-shortcut qemu_test01
https://1680141@10.5.21.5
ERROR: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate
verify failed (_ssl.c:661)>
Best Regards
XuHongyu
From: Xu, Hongyu
Sent: 2017年9月4日 14:41
To: 'Lava-users@lists.linaro.org' Lava-users@lists.linaro.org
Subject: Local Django user accounts
Hi  all,
I have installed  the lava-serer (2017.7) on my DEBIAN 9.10.  But now
I can’t sign in  with  the local Django user, this is the error infomations:
Forbidden (403)
CSRF verification failed. Request aborted.
You are seeing this message because this site requires a CSRF cookie
when submitting forms. This cookie is required for security reasons,
to ensure that your browser is not being hijacked by third parties.
If you have configured your browser to disable cookies, please
re-enable them, at least for this site, or for 'same-origin' requests.
More information is available with DEBUG=True.
This is already covered in the documentation, it's a Django change. If you have tried to solve this by using a self-signed certificate on localhost, you should avoid trying to create https://localhost/ and just update the security settings:
https://staging.validation.linaro.org/static/docs/v2/pipeline-debug.html?hig...
...
Please give me some advices!
root@hxtcorp:~# dpkg-query -l lava*
Desired=Unknown/Install/Remove/Purge/Hold
|
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Tri
g-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                              Version               Architecture
Description
+++-=================================-=====================-==========
+++===========-=======================================================
+++================
ii  lava-coordinator                  0.1.7-1               all
LAVA Coordinator daemon
un  lava-dashboard                    <none>                <none>
(no description available)
un  lava-dashboard-tool               <none>                <none>
(no description available)
ii  lava-dispatcher                   2017.7-1~bpo9+1       amd64
Linaro Automated Validation Architecture dispatcher
un  lava-scheduler                    <none>                <none>
(no description available)
un  lava-scheduler-tool               <none>                <none>
(no description available)
ii  lava-server                       2017.7-1~bpo9+1       all
Linaro Automated Validation Architecture server
ii  lava-server-doc                   2017.7-1~bpo9+1       all
Linaro Automated Validation Architecture documentation
ii  lava-tool                         0.21-1                all
command line utility for LAVA
un  lavapdu                           <none>                <none>
(no description available)
ii  lavapdu-client                    0.0.5-1               all
LAVA PDU client
ii  lavapdu-daemon                    0.0.5-1               all
LAVA PDU control daemon
add the local Django user:
sudo lava-server manage createsuperuser --username $USERNAME
--email=$EMAIL
sudo lava-server manage authorize_superuser --username $USERNAME
root@hxtcorp:/etc/lava-server# lava-server manage users list
List of users:

1680077

1680141

lava-health

xuhy

Best Regards
XuHongyu
This email is intended only for the named addressee. It may contain
information that is confidential/private, legally privileged, or
copyright-protected, and you should handle it accordingly. If you are
not the intended recipient, you do not have legal rights to retain,
copy, or distribute this email or its contents, and should promptly
delete the email and all electronic copies in your system; do not retain copies in any media.
If you have received this email in error, please notify the sender promptly.
Thank you.

Lava-users mailing list
Lava-users@lists.linaro.org
https://lists.linaro.org/mailman/listinfo/lava-users
--
Neil Williams
=============
neil.williams@linaro.org
http://www.linux.codehelp.co.uk/
This email is intended only for the named addressee. It may contain information that is confidential/private, legally privileged, or copyright-protected, and you should handle it accordingly. If you are not the intended recipient, you do not have legal rights to retain, copy, or distribute this email or its contents, and should promptly delete the email and all electronic copies in your system; do not retain copies in any media. If you have received this email in error, please notify the sender promptly. Thank you.