Pepper doesn't work with cherrypy api about pepper HOT 30 CLOSED

Pepper is only tested against the rest_cherrypy netapi module. There are some community members who have played with it against Saltnado to varying success but rest_cherrypy is still the only development target. So it should be working for you.

• What version of pepper?
• What's the full command you're running?
• What are the HTTP request/response headers that you see (-H flag)?

from pepper.

I use pepper==0.3.5 (installed from PyPI)

The full command I run: pepper -c pepper.conf -H '*' disk.usage

The output (with HTTP headers):

send: 'POST /login HTTP/1.1\r\nAccept-Encoding: identity\r\nContent-Length: 61\r\nConnection: close\r\nAccept: application/json\r\nUser-Agent: Python-urllib/2.7\r\nHost: my-salt-apli-server:12345\r\nX-Requested-With: XMLHttpRequest\r\nContent-Type: application/json\r\n\r\n{"username": "my-user", "password": "my-password", "eauth": "pam"}'
reply: 'HTTP/1.1 200 OK\r\n'
header: Content-Length: 174
header: Access-Control-Expose-Headers: GET, POST
header: Vary: Accept-Encoding
header: Server: CherryPy/3.7.0
header: Allow: GET, HEAD, POST
header: Access-Control-Allow-Credentials: true
header: Date: Wed, 01 Jul 2015 14:50:32 GMT
header: Access-Control-Allow-Origin: *
header: X-Auth-Token: e3571c45847528c7588491494260a336cc0023fa
header: Content-Type: application/json
header: Set-Cookie: session_id=e3571c45847528c7588491494260a336cc0023fa; expires=Thu, 02 Jul 2015 00:50:32 GMT; Path=/
header: Connection: close
send: 'POST / HTTP/1.1\r\nAccept-Encoding: identity\r\nContent-Length: 80\r\nConnection: close\r\nAccept: application/json\r\nX-Auth-Token: e3571c45847528c7588491494260a336cc0023fa\r\nHost: my-salt-apli-server:12345\r\nX-Requested-With: XMLHttpRequest\r\nUser-Agent: Python-urllib/2.7\r\nContent-Type: application/json\r\n\r\n[{"fun": "test.ping", "client": "local_async", "expr_form": "glob", "tgt": "*"}]'
reply: 'HTTP/1.1 200 OK\r\n'
header: Content-Length: 78
header: Access-Control-Expose-Headers: GET, POST
header: Access-Control-Allow-Credentials: true
header: Vary: Accept-Encoding
header: Server: CherryPy/3.7.0
header: Allow: GET, HEAD, POST
header: Cache-Control: private
header: Date: Wed, 01 Jul 2015 14:50:32 GMT
header: Access-Control-Allow-Origin: *
header: Content-Type: application/json
header: Set-Cookie: session_id=e3571c45847528c7588491494260a336cc0023fa; expires=Thu, 02 Jul 2015 00:50:32 GMT; Path=/
header: Connection: close
send: 'POST / HTTP/1.1\r\nAccept-Encoding: identity\r\nContent-Length: 79\r\nConnection: close\r\nAccept: application/json\r\nX-Auth-Token: e3571c45847528c7588491494260a336cc0023fa\r\nHost: my-salt-apli-server:12345\r\nX-Requested-With: XMLHttpRequest\r\nUser-Agent: Python-urllib/2.7\r\nContent-Type: application/json\r\n\r\n[{"fun": "jobs.lookup_jid", "jid": "20150701105032386888", "client": "runner"}]'
reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: Content-Length: 753
header: Access-Control-Expose-Headers: GET, POST
header: Access-Control-Allow-Credentials: true
header: Vary: Accept-Encoding
header: Server: CherryPy/3.7.0
header: Allow: GET, HEAD, POST
header: Cache-Control: private
header: Date: Wed, 01 Jul 2015 14:50:35 GMT
header: Access-Control-Allow-Origin: *
header: Content-Type: text/html;charset=utf-8
header: Set-Cookie: session_id=e3571c45847528c7588491494260a336cc0023fa; expires=Thu, 02 Jul 2015 00:50:35 GMT; Path=/
header: Connection: close
Pepper error: Authentication denied

And in your code, it breaks on salt-pepper/cli.py:237:

nodesRet = api.lookup_jid(nodesJid)

BTW, when I do the following, it works perfect for me:

import pepper

api = pepper.Pepper(url)
api.login(user, pwd, 'pam')
res = api.local(tgt, cmd)
print(json.dumps(res['return'][0], indent=4))

So why do you need this async stuff? And why do you execute test.ping each time before actual command? It looks too complex...

from pepper.

You're right that test.ping should not be in there.

I can reproduce what you're seeing. Looks like there's a problem with the -c flag. You can use the -u, -a, --username, and --password flags as a workaround.

This code to look for config/envvar/arguments needs to be better centralized so they don't step on each other. A test or two would really help as well.

Thanks for filing this! We'll get it fixed.

from pepper.

I tried next:

pepper --saltapi-url=my-salt-api-server:12345 --eauth=pam --username=my-user --password=my-password -H '*' disk.usage

But it gives the same error

from pepper.

from pepper.

I'd gladly contribute, but I'm too busy right now :(
I can provide any additional info if needed (e.g. master/minion configs and master/api logs)

from pepper.

@meggiebot - what does [Triangle] tag mean?

from pepper.

@kottenator - We're working on triaging issues for our upcoming release so we can get them into sprints, this tag helps us sort issues that need to be assigned out.

from pepper.

Got it, thanks!

from pepper.

@techhat - We talked about this issue today and though we're still going to try to get it in, it's not a blocker for Beryllium since it's separate. We could release this at any time.

from pepper.

Do you need my assistance to help you reproduce the bug?

from pepper.

Not sure, @techhat is the one actually working on this.

from pepper.

@kottenator, yes, I have been unable to reproduce so far. Which version of Salt are you running?

from pepper.

@kottenator, version 0.3.6 was released about a week ago. I wonder if this got fixed between the time you reported the issue and the release of the new version.

from pepper.

I tried pepper==0.3.6 and it still doesn't work for me... I use:

• pepper==0.3.6
• salt==2015.5.3

More versions from salt --versions-report

           Salt: 2015.5.3
         Python: 2.7.10 (default, Jun 22 2015, 12:12:22)
         Jinja2: 2.7.3
       M2Crypto: 0.22
 msgpack-python: 0.4.6
   msgpack-pure: Not Installed
       pycrypto: 2.6.1
        libnacl: Not Installed
         PyYAML: 3.11
          ioflo: Not Installed
          PyZMQ: 14.7.0
           RAET: Not Installed
            ZMQ: 4.1.2
           Mako: Not Installed
        Tornado: Not Installed

Output logs:

• pepper output
• salt-master output

from pepper.

from pepper.

Thanks for the info @kottenator, I'll get testing with those versions right away.

@whiteinge, tbh, I didn't even know about the saltdev stuff.

from pepper.

@kottenator still can't reproduce. Can you look in /var/cache/salt/master/tokens/ and see if a file exists named after the value of the session_id in your pepper output? It looks like it authenticates okay, but doesn't remember the token.

from pepper.

from pepper.

My bad @whiteinge. Is the salt-api token cached anywhere outside of RAM?

from pepper.

I've checked: there is no 4c133a... token in my /var/cache/salt/master/tokens

from pepper.

BTW, I've installed salt into a local folder, not globally. So everything (configs, logs, cache) is inside it

from pepper.

Good to know, thanks @kottenator.

from pepper.

@kottenator what does your external_auth config look like?

from pepper.

external_auth:
  pam:
    myuser:
      - .*

from pepper.

Thanks for the quick answer. I see what's going on. Should have a fix in shortly.

from pepper.

Thanks for digging it ;)

from pepper.

@kottenator thanks for your -H paste above. There's a second HTTP request there which is trying to run the jobs.list_jobs function. So although your disk.usage call succeeds you see the error for the second command. The above pull request fixes the default behavior to not have that side-effect and only run the command you specify. I think that should do it but let me know if you run into any trouble!

from pepper.

Thank you for fixing this bug! Could you, please, release a new version on PyPI so I could use the fixed version?

from pepper.

Pushed!

https://github.com/saltstack/pepper/releases/tag/0.3.7

from pepper.