Opened 17 years ago
Last modified 10 years ago
#247 new defect
Bitten Plug-in cannot access SVN repos - 403: Forbidden error
Reported by: | bitten@… | Owned by: | osimons |
---|---|---|---|
Priority: | major | Milestone: | 0.6.1 |
Component: | Trac plugin | Version: | 0.5.3 |
Keywords: | Cc: | ||
Operating System: | Linux |
Description
I'm not sure how the Bitten Plugin (as opposed to bitten-slave) access the SVN repos path set in the recipe but it seems to me that if your repos is behind HTTP auth there needs to be some way to set the username/password, or have I mised something?
Below are the errors I get. Everything works fine (bitten-slave starts up) until the recipe that uses the repos path is activated, and everything works fine in a Trac install that has a SVN repos without HTTP Auth.
All Trac instances are 0.10.4 with Bitten-0.6dev_r519-py2.5.egg
$ bitten-slave --version bitten-slave 0.6dev-r519 $ bitten-slave -v http://imp.xxxxxx.com/code/randd/builds [DEBUG ] Configured packages: {} [DEBUG ] Sending slave configuration: <slave name="xxxxxx-vm"><platform processor="">i686</platform><os version="2.6.22-14-generic" family="posix">Linux</os></slave> [DEBUG ] Sending POST request to 'http://imp.xxxxxx.com/code/randd/builds' [INFO ] No pending builds
Activate the reciepe in the Admin interface:
$ bitten-slave -v http://imp.xxxxxx.com/code/randd/builds [DEBUG ] Configured packages: {} [DEBUG ] Sending slave configuration: <slave name="xxxxxx-vm"><platform processor="">i686</platform><os version="2.6.22-14-generic" family="posix">Linux</os></slave> [DEBUG ] Sending POST request to 'http://imp.xxxxxx.com/code/randd/builds' [WARNING ] Server returned error 403: Forbidden [ERROR ] HTTP Error 403: Forbidden [DEBUG ] Removing temporary directory /tmp/bittenZmhLA7
In the trac.log:
$ tail -f UNIX/share/trac/randd/log/trac.log 2008-02-03 13:31:46,383 Trac[main] WARNING: 403 Forbidden (403 Forbidden (Insufficient permissions to access /path/in/repos))
Trac itself accesses the repos as normal for Browse Source, etc, i.e. on the filesystem not over http.
A standard SVN checkout from the command line works fine too - how does Bitten Plugin get the credentials to access the SVN repos?
Attachments (0)
Change History (5)
comment:1 Changed 17 years ago by timn
comment:2 Changed 17 years ago by mikael.karon@…
There is an option to make bitten-slave authenticate with a specific user (--user=someuser --password=somepassword), but this won't be used unless the target path requires authentication, which in turn results in bitten thinking you are unauthenticated.
The solution is to require authentication on the /project/builds path.
comment:3 Changed 16 years ago by anonymous
Thanks mikael,
adding the Location Match? rule below to my Apache 2 configuration did the trick :
NameVirtualHost *:80 <VirtualHost *:80> [...] <Location /projects> SetHandler mod_python SetEnv PYTHON_EGG_CACHE /tmp/python-egg-cache PythonHandler trac.web.modpython_frontend PythonOption TracEnvParentDir /home/svn/trac-data PythonOption TracUriRoot /projects </Location> <LocationMatch "/projects/[^/]+/builds"> AuthType Basic AuthName "Trac" AuthUserFile /home/svn/trac-data/trac-passwd Require valid-user </LocationMatch> </VirtualHost>
Note: for this to work, your Trac instance must be configured to use Ht Passwd Store?.
comment:4 Changed 16 years ago by ptekchand_rz2games_com
This also helped get around "HTTP 401: Authorization Required"
C:\bitten>bitten-slave --user=slaveuser --password=password --verbose https://bittenmaster/trac/project/builds [DEBUG ] Enabling authentication with username 'slaveuser' Enabling authentication with username [DEBUG ] Configured packages: {} [DEBUG ] Sending slave configuration: <slave name="bittenslave"><platform processor=""/><os version="2003Server" family="nt">Windows</os></slave> [DEBUG ] Sending POST request to 'http://bittenmaster/trac/project/builds' [INFO ] Build pending at http://bittenmaster/trac/project/builds/1 [DEBUG ] Sending GET request to 'http://bittenmaster/trac/project/builds/1' [WARNING ] Server returned error 401: Authorization Required [ERROR ] HTTP Error 401: Authorization Required [DEBUG ] Removing temporary directory c:\docume~1\slaveuser\locals~1\temp\3\bittenvaxokh
(project, host and user names edited)
comment:5 Changed 15 years ago by osimons
- Milestone changed from 0.6 to 0.6.1
- Owner changed from cmlenz to osimons
Slave performs checkout itself, so the trick with having the slave perform checkout and storing credentials is a good solution. As for the general problem of Bitten authentication, that is the topic of #208.
The <svn:zzzz/> commands now also supports username & password arguments in recipe, and together with local slave configuration this can also be configured for each slave by using username="${svn.username}" and having [svn] username = someone in config file. That has the downside of transmitting the data to the master in plaintext, and where it gets stored as slave property and logged with debug logging...
That is not by any means ideal, and perhaps slave should support a special [local] config section for settings that can be used by slave for local operations, but are excluded from the information transmitted and used by master? Or something similar and predictable that makes storing sensitive information in local file more acceptable? Ideas?
We had the same issue. The solution that we currently use: we created a bitten-slave (unix) user. That user was used once to checkout the code manually and to store the credentials. Now when the bitten slave runs, it can used the stored credentials.
Although this is not a real solution it's a workaround until that gets fixed.