Project

Profile

Help

Issue #1372

closed

Nectar logging is vague when a certificate is untrusted.

Added by jcline@redhat.com over 8 years ago. Updated almost 5 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
High
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version - Nectar:
Platform Release:
2.8.5
Target Release - Nectar:
1.5.2
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

When nectar encounters a certificate that is not signed by a trusted CA, it simply logs that the connection failed:

Nov 13 11:11:50 dev pulp[30042]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (1): dev.example.com
Nov 13 11:11:50 dev pulp[30042]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (1): dev.example.com
Nov 13 11:11:50 dev pulp[30042]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (1): dev.example.com
Nov 13 11:11:50 dev pulp[30042]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (1): dev.example.com
Nov 13 11:11:50 dev pulp[30042]: nectar.downloaders.threaded:WARNING: Connection Error - https://dev.example.com/streamer/var/lib/pulp/content/units/rpm/0f30/0f301b45-5821-4be7-9724-3901d7103f8e?policy=eyJleHRlbnNpb25zIjoge30sICJyZXNvdXJjZSI6ICIvc3RyZWFtZXIvdmFyL2xpYi9wdWxwL2NvbnRlbnQvdW5pdHMvcnBtLzBmMzAvMGYzMDFiNDUtNTgyMS00YmU3LTk3MjQtMzkwMWQ3MTAzZjhlIiwgImV4cGlyYXRpb24iOiAxNDc4OTY3MTEwfQ%3D%3D;signature=O_yRa4oFP2i9PRip8EyTBSknhUtcDc549b253u3h4TeH5O70-CBOBiW1YRm085tUi6TeUCHhY0HM9PNNxSkhC11H6sJMyBX4BPhrEeHkjPqNmYW9n1G4AqbzRBaaEs_f77oYu0AI45dzmNei7l0Oi5GfWYKy1bFrpU9ZaAT0ZmEOUAvmMjfQOUN24mEqbw5VOFLuzdRVA4VGSl-00jJRJbhcnV-uDMDzaLFFk4oZKwhtpbCXI4j6xEi47whmBLF-zH-dDUJWirTATr9g430cGHIPGfvgz3L3MzPJtuJyFTGLmiyVSUAQlm0_zdFT3QcVwzqhmc3R0cHsrnGZP2KhoA%3D%3D could not be reached.
Nov 13 11:11:50 dev pulp[30042]: pulp.server.controllers.content:INFO: Download of /var/lib/pulp/content/units/rpm/26a4/26a4ada8-26fd-40ce-9a29-e9c7e7c8fd52 failed: Download skipped.
Nov 13 11:11:50 dev pulp[30042]: pulp.server.controllers.content:INFO: Download of /var/lib/pulp/content/units/rpm/0f30/0f301b45-5821-4be7-9724-3901d7103f8e failed: A connection error occurred.
Nov 13 11:11:50 dev pulp[30042]: nectar.downloaders.threaded:WARNING: Connection Error - https://dev.example.com/streamer/var/lib/pulp/content/units/rpm/2694/269455f1-4d3e-4fae-b99d-cf1119e1355e?policy=eyJleHRlbnNpb25zIjoge30sICJyZXNvdXJjZSI6ICIvc3RyZWFtZXIvdmFyL2xpYi9wdWxwL2NvbnRlbnQvdW5pdHMvcnBtLzI2OTQvMjY5NDU1ZjEtNGQzZS00ZmFlLWI5OWQtY2YxMTE5ZTEzNTVlIiwgImV4cGlyYXRpb24iOiAxNDc4OTY3MTEwfQ%3D%3D;signature=cSnQSGrPg7JHrwKhtr867i1lx94htHN9xxHtaauF5tm3qoewOjSu2BxKkYSeX-Jqe3sZunkUo4fGvJeLKFgPiLCo-9Jj-gJEu4XGoW_i4BvdryI6LJWZk7agYLRTjKIrygOSy_KfPO7vAO933H4MH9AgHz77nhgtifPwFCRMhlZWBwca40-e3jvsHepTPJU8UR4Tx_jer3Q7vrKbZNjrI5pZpUSsrwl613tK0hZ9Jj_AeobHwfY-6yFo-n1WWykK9GpOdSQF710M7oweuwSSbKoOD1DamSR0FNB-RJ-x84vgw6-SM13yX_DIQLHj-KzwH_TTg9lnWzUVxaBRH8mV1Q%3D%3D could not be reached.
Nov 13 11:11:50 dev pulp[30042]: pulp.server.controllers.content:INFO: Download of /var/lib/pulp/content/units/rpm/3d92/3d920b16-32d3-48d3-9860-2ddcda8d86e7 failed: Download skipped.
Nov 13 11:11:50 dev pulp[30042]: nectar.downloaders.threaded:WARNING: Connection Error - https://dev.example.com/streamer/var/lib/pulp/content/units/rpm/14f0/14f07d48-2706-4c65-9102-1b0bb9f52652?policy=eyJleHRlbnNpb25zIjoge30sICJyZXNvdXJjZSI6ICIvc3RyZWFtZXIvdmFyL2xpYi9wdWxwL2NvbnRlbnQvdW5pdHMvcnBtLzE0ZjAvMTRmMDdkNDgtMjcwNi00YzY1LTkxMDItMWIwYmI5ZjUyNjUyIiwgImV4cGlyYXRpb24iOiAxNDc4OTY3MTEwfQ%3D%3D;signature=nIl1t7mTTfWaJPCFdUI5EvRmLvmr7zXBiQDgL0fnguTGlgOwGqv9RBr5Xq-alvxzR7Dfg1YsyIEnUD-yDngP0YzOxu-SpicgGeIuTM9Y92agun1l0STsFg7YcKimQPWj7bGKmBON1RFMC41U4Ao3PHBqAYvR-XicXNQzfAc6rQayixuOjptULfY7ahPQPDdq02I6O_QAiz8aWrDiRwr7JosKP--0rLif1MPvHovonWfWV9SUtSCAwESmXeVnSFJnVapaGRTsYLEWUwpvFHR_nXUgLynqj8JA6H-Be_EgV7l3TbzDN9fc2UEDuyVTQmJUJYdXa0mUm6j9B30T_o5reA%3D%3D could not be reached.
Nov 13 11:11:50 dev pulp[30042]: nectar.downloaders.threaded:WARNING: Connection Error - https://dev.example.com/streamer/var/lib/pulp/content/units/rpm/2460/2460b024-c5c0-4f46-9103-0cade817047b?policy=eyJleHRlbnNpb25zIjoge30sICJyZXNvdXJjZSI6ICIvc3RyZWFtZXIvdmFyL2xpYi9wdWxwL2NvbnRlbnQvdW5pdHMvcnBtLzI0NjAvMjQ2MGIwMjQtYzVjMC00ZjQ2LTkxMDMtMGNhZGU4MTcwNDdiIiwgImV4cGlyYXRpb24iOiAxNDc4OTY3MTEwfQ%3D%3D;signature=kAYAizlQeS_Nx1ylu21-rcfNooYFM2i6EBEs8MTsXmXME_hL2mIjuWu_yOo2y2BWYNi13_vGeeJdeEtUHQCFPdZEEpnZxupE0e0C_q7npgWSzQRnzTC1kbdsiLR8ZjAonkiElLeQGcOFzAT2E--rNK9isBfEnCD6luFtv73NmHrgnGx5Dim0xHKqAKs5MKUKUlCKZxdg5SdOOXptayv6B6pLVSEO7x0jyt2rJaCG0JiAbXXZb_aeY3tCV9MmOQ92t7jDaRQzbZx3yGnjA5CjAGI_pmroBfc-s9Pes0mqLe6cF8iCu-9wI4eFVbvL458yYEUKMYP-tZ6C8Z7rj8ZaXQ%3D%3D could not be reached.
Nov 13 11:11:50 dev pulp[30042]: pulp.server.controllers.content:INFO: Download of /var/lib/pulp/content/units/rpm/353e/353ea3fc-911c-45e5-a9b1-c82d2debd365 failed: Download skipped.
Nov 13 11:11:50 dev pulp[30042]: pulp.server.controllers.content:INFO: Download of /var/lib/pulp/content/units/rpm/2694/269455f1-4d3e-4fae-b99d-cf1119e1355e failed: A connection error occurred.
Nov 13 11:11:50 dev pulp[30042]: pulp.server.controllers.content:INFO: Download of /var/lib/pulp/content/units/rpm/14f0/14f07d48-2706-4c65-9102-1b0bb9f52652 failed: A connection error occurred.
Nov 13 11:11:50 dev pulp[30042]: pulp.server.controllers.content:INFO: Download of /var/lib/pulp/content/units/rpm/2460/2460b024-c5c0-4f46-9103-0cade817047b failed: A connection error occurred.

Rather than simply logging 'A connection error occurred', it should log that the connection failed because the server certificate is not trusted.

To reproduce:

  1. Create a nectar downloader that is configured to only accept valid certificates.
  2. Create a download request to a server using a certificate that is untrusted (the default key/cert pair generated by apache on install works nicely).
  3. Download.
  4. Observe the logs.

Also available in: Atom PDF