Pulp::Admin::Login/Exec[pulp-auth] doesn't seem to handle expired session?

[TJM]

Apparently when pulp::admin::login runs, it gets a "session" certificate for some time limited period, but doesn't check whether it has expired or not, causing further steps to get an exception as follows:

Error: Failed to apply catalog: https request threw exception SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert certificate expired. Connection details: url=https://pulp.domain.corp/pulp/api/v2/repositories/, cert_path=/root/.pulp/user-cert.pem.

[sentinel159868]

Same issue here..... any workarounds to handle it?

[TJM]

As a workaround, you could remove the file (/root/.pulp/user-cert.pem), which will cause the login process to run again, that will work until the session times out again. :)

It might be worth augmenting the login class to create a /root/.pulp/admin.conf with the credentials?

Looks like its already there, just have to set pulp::admin::login_method: file (strike that, it looks like login_method is set in code.

puppet-pulp/manifests/init.pp

Lines 436 to 457 in 74deb20

	if $enable_admin {
	if $ssl_username and $ssl_username != '' {
	warning('Using $ssl_username means pulp-admin login doesn\'t work. Falling back to file login but pulp_*repo providers won\'t work')
	$login_method = 'file'
	} else {
	$login_method = 'login'
	}
	class { '::pulp::admin':
	enable_deb => $enable_deb,
	enable_docker => $enable_docker,
	enable_nodes => $enable_parent_node,
	enable_ostree => $enable_ostree,
	enable_puppet => $enable_puppet,
	enable_python => $enable_python,
	enable_rpm => $enable_rpm,
	ca_path => $ca_cert,
	login_method => $login_method,
	username => $default_login,
	password => $default_password,
	require => Class['pulp::apache'],
	}

I suppose you could set pulp::enable_admin: false and then include pulp::admin with login_method set to files, but it claims there that setting will break the providers :(