search

teemtee / tmt

Test Management Tool
MIT License
81 stars 122 forks source link

class 'bkr.server.identity.IdentityFailure'>: Anonymous access denied #2584

Open guazhang opened 9 months ago

guazhang commented 9 months ago 

plan failed

    Traceback (most recent call last):
      File "/usr/lib/python3.11/site-packages/tmt/__main__.py", line 18, in run_cli
        tmt.cli.main()
      File "/usr/lib/python3.11/site-packages/click/core.py", line 1130, in __call__
        return self.main(*args, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.11/site-packages/click/core.py", line 1055, in main
        rv = self.invoke(ctx)
             ^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.11/site-packages/click/core.py", line 1657, in invoke
        return _process_result(sub_ctx.command.invoke(sub_ctx))
                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.11/site-packages/click/core.py", line 1689, in invoke
        return _process_result(rv)
               ^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.11/site-packages/click/core.py", line 1626, in _process_result
        value = ctx.invoke(self._result_callback, value, **ctx.params)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.11/site-packages/click/core.py", line 760, in invoke
        return __callback(*args, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.11/site-packages/click/decorators.py", line 26, in new_func
        return f(get_current_context(), *args, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.11/site-packages/tmt/cli.py", line 472, in finito
        click_context.obj.run.go()
      File "/usr/lib/python3.11/site-packages/tmt/base.py", line 3511, in go
        raise tmt.utils.GeneralError(
    tmt.utils.GeneralError: plan failed

The exception was caused by 1 earlier exceptions

Cause number 1:

    <Fault 1: "<class 'bkr.server.identity.IdentityFailure'>: Anonymous access denied">

        Traceback (most recent call last):
          File "/usr/lib/python3.11/site-packages/tmt/base.py", line 3507, in go
            plan.go()
          File "/usr/lib/python3.11/site-packages/tmt/base.py", line 2268, in go
            self.finish.go()
          File "/usr/lib/python3.11/site-packages/tmt/steps/finish/__init__.py", line 188, in go
            guest.remove()
          File "/usr/lib/python3.11/site-packages/tmt/steps/provision/mrack.py", line 664, in remove
            self.api.delete()
          File "/usr/lib/python3.11/site-packages/tmt/steps/provision/mrack.py", line 342, in update_wrapper
            return asyncio.run(func(*args, **kwargs))
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
          File "/usr/lib64/python3.11/asyncio/runners.py", line 190, in run
            return runner.run(main)
                   ^^^^^^^^^^^^^^^^
          File "/usr/lib64/python3.11/asyncio/runners.py", line 118, in run
            return self._loop.run_until_complete(task)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
          File "/usr/lib64/python3.11/asyncio/base_events.py", line 653, in run_until_complete
            return future.result()
                   ^^^^^^^^^^^^^^^
          File "/usr/lib/python3.11/site-packages/tmt/steps/provision/mrack.py", line 507, in delete
            return await self._mrack_provider.delete_host(self._bkr_job_id, None)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
          File "/usr/lib/python3.11/site-packages/mrack/providers/beaker.py", line 400, in delete_host
            return self.hub.taskactions.stop(
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^
          File "/usr/lib64/python3.11/xmlrpc/client.py", line 1122, in __call__
            return self.__send(self.__name, args)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
          File "/usr/lib64/python3.11/xmlrpc/client.py", line 1464, in __request
            response = self.__transport.request(
                       ^^^^^^^^^^^^^^^^^^^^^^^^^
          File "/usr/lib/python3.11/site-packages/bkr/common/xmlrpc3.py", line 470, in request
            result = transport_class.request(self, *args, **kwargs)
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
          File "/usr/lib64/python3.11/xmlrpc/client.py", line 1166, in request
            return self.single_request(host, handler, request_body, verbose)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
          File "/usr/lib/python3.11/site-packages/bkr/common/xmlrpc3.py", line 391, in single_request
            return self.parse_response(response)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
          File "/usr/lib64/python3.11/xmlrpc/client.py", line 1354, in parse_response
            return u.close()
                   ^^^^^^^^^
          File "/usr/lib64/python3.11/xmlrpc/client.py", line 668, in close
            raise Fault(**self._stack[0])
        xmlrpc.client.Fault: <Fault 1: "<class 'bkr.server.identity.IdentityFailure'>: Anonymous access denied">

looks the krb expired, but in finish step need remove beaker server , how to workaround the error?

idorax commented 9 months ago

Looks we should catch the exception in the following to let user know plan failed is because of bkr.server.identity.IdentityFailure.

raise Fault(**self._stack[0])
        xmlrpc.client.Fault: <Fault 1: "<class 'bkr.server.identity.IdentityFailure'>: Anonymous access denied">
guazhang commented 9 months ago

Is there any method what no need identity access when remove beaker server ? the krb is expired after 10h as default, how to do that if the testing time more than 10h ?

idorax commented 9 months ago

Is there any method what no need identity access when remove beaker server ?

From my understanding, a kerberos keytab file is required on the SUT (System Under Test) running tmt. e.g.

root# grep 'KRB_KEYTAB' /etc/beaker/client.conf
KRB_KEYTAB = "/etc/foo.keytab"

root# file /etc/foo.keytab
/etc/foo.keytab: Kerberos Keytab file, realm=REDHAT.COM, principal=foo/foo.eng.rdu2.redhat.com, type=1, date=Wed Apr 12 08:27:52 2017, kvno=4

@guazhang, would you please have a try by using a keytab file?

guazhang commented 8 months ago

Don't hit the issue if keep krb valid.

idorax commented 8 months ago

Don't hit the issue if keep krb valid.

@guazhang, can we just close this issue OR do you want me to file a patch to catch the exception bkr.server.identity.IdentityFailure to remind user to keep kerberos valid?

idorax commented 8 months ago

@psss, can we close this issue directly?