Learn more about these different git repos.
Other Git URLs
I was helping a new Fedora contributor, and they told me that they could not build in Koji. Here is the error message they reported:
koji: AuthError: unable to obtain a session
This error message does not tell me very much. Here is how I debugged this further. We could build some of these steps into the client.
I asked for the output of "klist -A" and after reviewing the output, I evaluated the following:
klist -A
1) Do they have a Kerberos TGT for FEDORAPROJECT.ORG? 2) Is the Kerberos TGT still valid (not expired?) 3) Did their client obtain a HTTP/koji.fedoraproject.org@FEDORAPROJECT.ORG service ticket?
FEDORAPROJECT.ORG
HTTP/koji.fedoraproject.org@FEDORAPROJECT.ORG
The answer to the last question was "no", and in fact I saw that they had a service ticket for HTTP/proxy10.fedoraproject.org@FEDORAPROJECT.ORG instead. This was suspicious.
HTTP/proxy10.fedoraproject.org@FEDORAPROJECT.ORG
The root problem was that the Kerberos client /etc/krb5.conf file had no "rdns" nor "dns_canonicalize_hostname" settings in "[libdefaults]". From man krb5.conf , "rdns" defaults to "true" if dns_canonicalize_hostname is not "false". This means Python was trying to get a service ticket for the PTR record for the A record.
/etc/krb5.conf
rdns
dns_canonicalize_hostname
[libdefaults]
man krb5.conf
true
false
If we get a generic error back from requests-gssapi, we should try a few more investigative steps before reporting "unable to obtain a session".
See #1883 as one example of a user struggling through this.
Metadata Update from @tkopecek: - Custom field Size adjusted to None - Issue set to the milestone: 1.25
PR #2826
Some other situations I've seen this error:
A user had an ancient ~/.koji/config file, and it was very difficult to tell what the hub and authentication mechanism was. (internal RHELBLD-5313 ticket). I think the improvement here would be to mention the exact authentication mechanism that Koji performed, and the hub URL in the AuthError exception.
~/.koji/config
AuthError
The postgresql database server hit a disk limit, so the hub could not create any new sessions (internal RHELBLD-5166 ticket). I think the improvement here would be to update the hub to mention that there was some kind of database error in the exception that we return to the client.
Metadata Update from @jcupova: - Issue tagged with: testing-ready
Metadata Update from @jobrauer: - Issue tagged with: testing-done
Commit d83c152 fixes this issue
Commit de008b5 fixes this issue
Login to comment on this ticket.