New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenID login doesn't work #2418
Comments
The same version of our software works fine on staging (against staging oid). Not sure what is going on. The |
I enabled production Fedora OpenID even on Fedora Copr stage, and it behaves the same way... I think there's some difference between id.stg.fedoraproject.org vs. id.fedoraproject.org. |
The weird thing is that our docker container uses production id.fedoraproject.org and doesn't suffer this issue. |
Deep, deep down in the python import urllib.request
url = "http://frostyx.id.fedoraproject.org/"
# On STG server it works, uncomment the variable to make sure
# url = "http://frostyx.id.stg.fedoraproject.org/"
accept = 'text/html; q=0.3, application/xhtml+xml; q=0.5, application/xrds+xml'
headers = {
'Accept': accept,
'User-Agent': 'python-openid/3.1.0 (linux) Python-urllib/3.11',
}
req = urllib.request.Request(url, data=None, headers=headers)
resp = urllib.request.urlopen(req)
print(resp.status) Edit: Timeouts on our Copr servers. It works fine on my laptop. Edit 2: It doesn't actually timeout, but takes a very long time (and thus causing the login timeout)
Edit 3: Don't think it is caused by import requests
resp = requests.get(url, headers=headers) Edit 4: So the minimal reproducer is this
And here is where it all ties to IPv6:
See, it tried the IPv6 first, but it immediately timeouted and continued to IPv4, and therefore
And it hangs forever ... Doing In all cases, IPv6 is prioritized for some reason, and our python reproducer fails because of that. Proof: import requests
requests.packages.urllib3.util.connection.HAS_IPV6 = False
resp = requests.get(url)
print(resp) This works without any issues. And I hopefully fixed the issue now. I created this file:
and |
Good job @FrostyX!
This seems like the FAS ipv6 is broken, because ipv6 just works on our server. Can you please report to the infra team? |
I have submitted some feedback for the infra team in Kevin says that they are planning to add IPv6 to iad2 early next year. Until then, I added the modified |
When I hit "login" link, with kerberos token taken, I get "504 gateway timeout".
https://pagure.io/fedora-infrastructure/issue/11025
The text was updated successfully, but these errors were encountered: