pepper icon indicating copy to clipboard operation
pepper copied to clipboard

Published 20 hours ago verified publisher icon saltstack

Empty Response from Pepper but not the salt cherrypy API

Open kgib91 opened this issue 7 years ago • 1 comments

I've tried versions of pepper 0.4.1 to 0.5.1; I am using salt version 2017.7.2 (Nitrogen) w/ Python 2.7

I've installed pepper in linux, windows, and on a docker image; in all 3 cases, the "return" is the same empty result. An example of the docker command ran:

/usr/local/bin/docker run --rm -i -e SALTAPI_URL=https://**{VALID HOST}**/api/ -e SALTAPI_USER=salt_api_user -e SALTAPI_PASS=**{VALIDPASSWORD}** <localregistry}**/pepper-builder:20171107.1 pepper '**{WILDCARDALLMINIONS}**' test.ping
2017-11-08T21:50:14.4146930Z {
2017-11-08T21:50:14.4157100Z     "return": [
2017-11-08T21:50:14.4167210Z         {}
2017-11-08T21:50:14.4177410Z     ]
2017-11-08T21:50:14.4222620Z }

I will point out that the api root was moved to folder "api", and that our HTTP certificate is for a domain name currently not used when accessing. The results make no difference if I add --ignore-ssl-errors or not.

When I attempt to run the SALT-cherrypy API commands manually with CURL I get expected results:

curl -sSk https://**{VALID HOST}**:8443/api/login     -H 'Accept: application/json'     -d username=salt_api_user     -d password=**{VALIDPASSWORD}**   -d eauth=pam
curl -sSk https://**{VALID HOST>:8443/api/ -H 'Accept: application/json' -H 'X-Auth-Token: **{OTHERWISEVALIDTOKEN}**'    -d client=local     -d tgt='**{WILDCARDALLMINIONS}**'     -d fun=test.ping


{"return": [{"<MINION_0_ID>": true, "<MINION_1_ID>": true, "<MINION_2_ID>": true, "<MINION_3_ID>": true}]}

Any ideas what might be causing this? I'm sort of in a rush to figure this out, alternatively I am just going to make my own small CLI to invoke jobs/monitor jobs through the HTTP api directly.

I tried also disabling SSL completely, this was nice in that I was able to see some actual logs/verbose details; however it still spits out empty result; Again no difference here if I add/remove the API virtual directory;

python Scripts\pepper --debug-http '*' test.ping
send: 'POST /api/login HTTP/1.1\r\nAccept-Encoding: identity\r\nContent-Length:
77\r\nConnection: close\r\nAccept: application/json\r\nUser-Agent: Python-urllib
/2.7\r\nHost: 10.172.1.39:8181\r\nX-Requested-With: XMLHttpRequest\r\nContent-Ty
pe: application/json\r\n\r\n{"username": "<USER_HERE>", "password": "<PASSWORDHERE>", "eauth": "pam"}'
reply: 'HTTP/1.1 200 OK\r\n'
header: Content-Length: 181
header: Access-Control-Expose-Headers: GET, POST
header: Vary: Accept-Encoding
header: Server: CherryPy/3.2.2
header: Allow: GET, HEAD, POST
header: Access-Control-Allow-Credentials: true
header: Date: Fri, 10 Nov 2017 16:52:56 GMT
header: Access-Control-Allow-Origin: *
header: X-Auth-Token: <TOKEN_HERE>
header: Content-Type: application/json
header: Set-Cookie: session_id=<SESSION_ID>; expires
=Sat, 11 Nov 2017 02:52:56 GMT; Path=/
header: Connection: close
send: 'POST /api/ HTTP/1.1\r\nAccept-Encoding: identity\r\nContent-Length: 102\r
\nConnection: close\r\nAccept: application/json\r\nX-Auth-Token: <TOKEN>\r\nHost: 10.172.1.39:8181\r\nX-Requested-With: XMLHttp
Request\r\nUser-Agent: Python-urllib/2.7\r\nContent-Type: application/json\r\n\r
\n[{"tgt": "\'*\'", "expr_form": "glob", "batch": null, "client": "local", "arg"
: [], "fun": "test.ping"}]'
reply: 'HTTP/1.1 200 OK\r\n'
header: Content-Length: 16
header: Access-Control-Expose-Headers: GET, POST
header: Cache-Control: private
header: Vary: Accept-Encoding
header: Server: CherryPy/3.2.2
header: Allow: GET, HEAD, POST
header: Access-Control-Allow-Credentials: true
header: Date: Fri, 10 Nov 2017 16:52:56 GMT
header: Access-Control-Allow-Origin: *
header: Content-Type: application/json
header: Set-Cookie: session_id=<SESSION_ID>; expires
=Sat, 11 Nov 2017 02:52:56 GMT; Path=/
header: Connection: close
{
    "return": [
        {}
    ]
}

The request looks okay when compared to my manual execution above; Maybe it has to do w/ "expr_form", "arg" or "batch" as they're the only items not in my manual example above.

While I don't think it should matter, I'll note I am using port forwarding to make the connection

sudo iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -i eth0 -p tcp --dport 8443 -j ACCEPT
sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443

My cherrypy.conf looks like:

rest_cherrypy:
  port: 8443
  root_prefix: /api
  ssl_crt: /etc/pki/tls/certs/STAR_COMPANY.crt
  ssl_key: /etc/pki/tls/certs/wildcard.COMPANY.key

kgib91 avatar Nov 09 '17 21:11 kgib91

Did you figure out a solution to this?

Moulde avatar Apr 08 '18 14:04 Moulde