Actions
Issue #5352
closed
Unable to sync using SSL certs from distribution with cert-guards
Status:
CLOSED - DUPLICATE
Priority:
Normal
Assignee:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:
Description
Ticket moved to GitHub: "pulp/pulp_file/619":https://github.com/pulp/pulp_file/issues/619
This issue was identified when attempting to write a test for 5036.
Step 5 from previous issue - Create distribution that is associated with the publication and the content
guard.
{'_created': '2019-08-26T18:47:15.979945Z',
'_href': '/pulp/api/v3/distributions/file/file/e0af98c8-4021-4cac-8ad5-f5f22b0e3a2f/',
'base_path': '5a5c0aa7-5fad-4ccd-98d0-1ccd3018fde3',
'base_url': '192.168.122.20:24816/pulp/content/5a5c0aa7-5fad-4ccd-98d0-1ccd3018fde3',
'content_guard': '/pulp/api/v3/contentguards/certguard/x509/2f0bebd8-7bdc-4246-908e-df1c81c86446/',
'name': '7f68db57-dbf9-4206-9d2a-0a576a88f7ef',
'publication': '/pulp/api/v3/publications/file/file/61088b19-d532-4654-952e-3aae03791904/'}
Step 7 - Create a remote that has a URL pointing at the Distribution from step 5 and uses the client certificate for the content guard
{'_created': '2019-08-26T18:47:18.151877Z',
'_href': '/pulp/api/v3/remotes/file/file/cd59f8e8-bcfc-4ccc-bf7f-c1283dbb5980/',
'_last_updated': '2019-08-26T18:47:18.151893Z',
'_type': 'file.file',
'download_concurrency': 20,
'name': 'e1701534-cd9c-490f-8bd9-09ba09d6aa87',
'policy': 'immediate',
'proxy_url': None,
'ssl_ca_certificate': None,
'ssl_client_certificate': '01778bb586f4ab226ea42d2b4ae61f14bb907907c970f9ee4abce87598d0070e',
'ssl_client_key': '1e6a65695ff54b2fc6713dea7aa779e77819a39bba525af234ed965b2ff553b7',
'ssl_validation': True,
'url': 'http://192.168.122.20:24816/pulp/content/5a5c0aa7-5fad-4ccd-98d0-1ccd3018fde3/PULP_MANIFEST'}
First case scenario - ssl_client_certificate, and ssl_client_key line characters not escaped.¶
Create another repository, and attempt to sync using the previous remote.
Traceback:
('Task report /pulp/api/v3/tasks/84688488-9894-4267-8c15-f633e473c6fa/ '
"contains a error: {'code': None, 'description': '[SSL] PEM lib "
"(_ssl.c:3824)', 'traceback': ' File "
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/rq/worker.py", line 822, '
'in perform_job\\n rv = job.perform()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/rq/job.py", line 605, in '
'perform\\n self._result = self._execute()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/rq/job.py", line 611, in '
'_execute\\n return self.func(*self.args, **self.kwargs)\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulp_file/app/tasks/synchronizing.py", '
'line 45, in synchronize\\n dv.create()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/stages/declarative_version.py", '
'line 169, in create\\n loop.run_until_complete(pipeline)\\n File '
'"/usr/lib64/python3.7/asyncio/base_events.py", line 584, in '
'run_until_complete\\n return future.result()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/stages/api.py", '
'line 209, in create_pipeline\\n await asyncio.gather(*futures)\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/stages/api.py", '
'line 43, in __call__\\n await self.run()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulp_file/app/tasks/synchronizing.py", '
'line 72, in run\\n downloader = '
'self.remote.get_downloader(url=self.remote.url)\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/models/remote.py", '
'line 88, in get_downloader\\n return self.download_factory.build(url, '
'**kwargs)\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/models/remote.py", '
'line 46, in download_factory\\n self._download_factory = '
'DownloaderFactory(self)\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/download/factory.py", '
'line 67, in __init__\\n self._session = '
'self._make_aiohttp_session_from_remote()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/download/factory.py", '
"line 96, in _make_aiohttp_session_from_remote\\n key_file.name\\n'}\n"
"Full task report: {'_href': "
"'/pulp/api/v3/tasks/84688488-9894-4267-8c15-f633e473c6fa/', '_created': "
"'2019-08-26T18:48:55.120887Z', 'state': 'failed', 'name': "
"'pulp_file.app.tasks.synchronizing.synchronize', 'started_at': "
"'2019-08-26T18:48:55.222028Z', 'finished_at': '2019-08-26T18:48:55.344024Z', "
"'non_fatal_errors': [], 'error': {'code': None, 'description': '[SSL] PEM "
"lib (_ssl.c:3824)', 'traceback': ' File "
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/rq/worker.py", line 822, '
'in perform_job\\n rv = job.perform()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/rq/job.py", line 605, in '
'perform\\n self._result = self._execute()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/rq/job.py", line 611, in '
'_execute\\n return self.func(*self.args, **self.kwargs)\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulp_file/app/tasks/synchronizing.py", '
'line 45, in synchronize\\n dv.create()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/stages/declarative_version.py", '
'line 169, in create\\n loop.run_until_complete(pipeline)\\n File '
'"/usr/lib64/python3.7/asyncio/base_events.py", line 584, in '
'run_until_complete\\n return future.result()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/stages/api.py", '
'line 209, in create_pipeline\\n await asyncio.gather(*futures)\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/stages/api.py", '
'line 43, in __call__\\n await self.run()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulp_file/app/tasks/synchronizing.py", '
'line 72, in run\\n downloader = '
'self.remote.get_downloader(url=self.remote.url)\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/models/remote.py", '
'line 88, in get_downloader\\n return self.download_factory.build(url, '
'**kwargs)\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/models/remote.py", '
'line 46, in download_factory\\n self._download_factory = '
'DownloaderFactory(self)\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/download/factory.py", '
'line 67, in __init__\\n self._session = '
'self._make_aiohttp_session_from_remote()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/download/factory.py", '
"line 96, in _make_aiohttp_session_from_remote\\n key_file.name\\n'}, "
"'worker': '/pulp/api/v3/workers/96dd332f-92d4-4ef7-b29e-d6c868da254e/', "
"'parent': None, 'spawned_tasks': [], 'progress_reports': [{'message': "
"'Downloading Metadata', 'state': 'failed', 'total': None, 'done': 0, "
"'suffix': None}, {'message': 'Downloading Artifacts', 'state': 'canceled', "
"'total': None, 'done': 0, 'suffix': None}, {'message': 'Associating "
"Content', 'state': 'canceled', 'total': None, 'done': 0, 'suffix': None}], "
"'created_resources': [], 'reserved_resources_record': "
"['/pulp/api/v3/remotes/file/file/cd59f8e8-bcfc-4ccc-bf7f-c1283dbb5980/', "
"'/pulp/api/v3/repositories/c1fa9bae-7a17-41bc-b142-156c6ed2a69a/']}",
{'_created': '2019-08-26T18:48:55.120887Z',
'_href': '/pulp/api/v3/tasks/84688488-9894-4267-8c15-f633e473c6fa/',
'created_resources': [],
'error': {'code': None,
'description': '[SSL] PEM lib (_ssl.c:3824)',
'traceback': ' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/rq/worker.py", '
'line 822, in perform_job\n'
' rv = job.perform()\n'
' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/rq/job.py", '
'line 605, in perform\n'
' self._result = self._execute()\n'
' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/rq/job.py", '
'line 611, in _execute\n'
' return self.func(*self.args, **self.kwargs)\n'
' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulp_file/app/tasks/synchronizing.py", '
'line 45, in synchronize\n'
' dv.create()\n'
' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/stages/declarative_version.py", '
'line 169, in create\n'
' loop.run_until_complete(pipeline)\n'
' File '
'"/usr/lib64/python3.7/asyncio/base_events.py", line '
'584, in run_until_complete\n'
' return future.result()\n'
' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/stages/api.py", '
'line 209, in create_pipeline\n'
' await asyncio.gather(*futures)\n'
' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/stages/api.py", '
'line 43, in __call__\n'
' await self.run()\n'
' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulp_file/app/tasks/synchronizing.py", '
'line 72, in run\n'
' downloader = '
'self.remote.get_downloader(url=self.remote.url)\n'
' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/models/remote.py", '
'line 88, in get_downloader\n'
' return self.download_factory.build(url, '
'**kwargs)\n'
' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/models/remote.py", '
'line 46, in download_factory\n'
' self._download_factory = '
'DownloaderFactory(self)\n'
' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/download/factory.py", '
'line 67, in __init__\n'
' self._session = '
'self._make_aiohttp_session_from_remote()\n'
' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/download/factory.py", '
'line 96, in _make_aiohttp_session_from_remote\n'
' key_file.name\n'},
'finished_at': '2019-08-26T18:48:55.344024Z',
'name': 'pulp_file.app.tasks.synchronizing.synchronize',
'non_fatal_errors': [],
'parent': None,
'progress_reports': [{'done': 0,
'message': 'Downloading Metadata',
'state': 'failed',
'suffix': None,
'total': None},
{'done': 0,
'message': 'Downloading Artifacts',
'state': 'canceled',
'suffix': None,
'total': None},
{'done': 0,
'message': 'Associating Content',
'state': 'canceled',
'suffix': None,
'total': None}],
'reserved_resources_record': ['/pulp/api/v3/remotes/file/file/cd59f8e8-bcfc-4ccc-bf7f-c1283dbb5980/',
'/pulp/api/v3/repositories/c1fa9bae-7a17-41bc-b142-156c6ed2a69a/'],
'spawned_tasks': [],
'started_at': '2019-08-26T18:48:55.222028Z',
'state': 'failed',
'worker': '/pulp/api/v3/workers/96dd332f-92d4-4ef7-b29e-d6c868da254e/'})
Second case scenario - ssl_client_certificate, and ssl_client_key line characters escaped.¶
Traceback:
('Task report /pulp/api/v3/tasks/a5cda2f6-7717-402a-9440-120f8c6926a8/ '
"contains a error: {'code': None, 'description': '403, message=\\'\\'HTTP "
'header "SSL-CLIENT-CERTIFICATE" not found.\\\'\\\'\', \'traceback\': \' '
'File "/usr/local/lib/pulp/lib64/python3.7/site-packages/rq/worker.py", line '
'822, in perform_job\\n rv = job.perform()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/rq/job.py", line 605, in '
'perform\\n self._result = self._execute()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/rq/job.py", line 611, in '
'_execute\\n return self.func(*self.args, **self.kwargs)\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulp_file/app/tasks/synchronizing.py", '
'line 45, in synchronize\\n dv.create()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/stages/declarative_version.py", '
'line 169, in create\\n loop.run_until_complete(pipeline)\\n File '
'"/usr/lib64/python3.7/asyncio/base_events.py", line 584, in '
'run_until_complete\\n return future.result()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/stages/api.py", '
'line 209, in create_pipeline\\n await asyncio.gather(*futures)\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/stages/api.py", '
'line 43, in __call__\\n await self.run()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulp_file/app/tasks/synchronizing.py", '
'line 73, in run\\n result = await downloader.run()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/download/base.py", '
'line 212, in run\\n return await self._run(extra_data=extra_data)\\n '
'File "/usr/local/lib/pulp/lib64/python3.7/site-packages/backoff/_async.py", '
'line 131, in retry\\n ret = await target(*args, **kwargs)\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/download/http.py", '
'line 183, in _run\\n response.raise_for_status()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/aiohttp/client_reqrep.py", '
"line 942, in raise_for_status\\n headers=self.headers)\\n'}\n"
"Full task report: {'_href': "
"'/pulp/api/v3/tasks/a5cda2f6-7717-402a-9440-120f8c6926a8/', '_created': "
"'2019-08-26T18:53:33.784600Z', 'state': 'failed', 'name': "
"'pulp_file.app.tasks.synchronizing.synchronize', 'started_at': "
"'2019-08-26T18:53:33.890968Z', 'finished_at': '2019-08-26T18:53:34.022794Z', "
"'non_fatal_errors': [], 'error': {'code': None, 'description': '403, "
'message=\\\'\\\'HTTP header "SSL-CLIENT-CERTIFICATE" not found.\\\'\\\'\', '
"'traceback': ' File "
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/rq/worker.py", line 822, '
'in perform_job\\n rv = job.perform()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/rq/job.py", line 605, in '
'perform\\n self._result = self._execute()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/rq/job.py", line 611, in '
'_execute\\n return self.func(*self.args, **self.kwargs)\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulp_file/app/tasks/synchronizing.py", '
'line 45, in synchronize\\n dv.create()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/stages/declarative_version.py", '
'line 169, in create\\n loop.run_until_complete(pipeline)\\n File '
'"/usr/lib64/python3.7/asyncio/base_events.py", line 584, in '
'run_until_complete\\n return future.result()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/stages/api.py", '
'line 209, in create_pipeline\\n await asyncio.gather(*futures)\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/stages/api.py", '
'line 43, in __call__\\n await self.run()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulp_file/app/tasks/synchronizing.py", '
'line 73, in run\\n result = await downloader.run()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/download/base.py", '
'line 212, in run\\n return await self._run(extra_data=extra_data)\\n '
'File "/usr/local/lib/pulp/lib64/python3.7/site-packages/backoff/_async.py", '
'line 131, in retry\\n ret = await target(*args, **kwargs)\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/download/http.py", '
'line 183, in _run\\n response.raise_for_status()\\n File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/aiohttp/client_reqrep.py", '
"line 942, in raise_for_status\\n headers=self.headers)\\n'}, 'worker': "
"'/pulp/api/v3/workers/9b793a30-2911-46f8-95e6-e35f19650c03/', 'parent': "
"None, 'spawned_tasks': [], 'progress_reports': [{'message': 'Downloading "
"Metadata', 'state': 'failed', 'total': None, 'done': 0, 'suffix': None}, "
"{'message': 'Downloading Artifacts', 'state': 'canceled', 'total': None, "
"'done': 0, 'suffix': None}, {'message': 'Associating Content', 'state': "
"'canceled', 'total': None, 'done': 0, 'suffix': None}], 'created_resources': "
"[], 'reserved_resources_record': "
"['/pulp/api/v3/repositories/53654e44-790d-482d-b07a-ef5192a921e1/', "
"'/pulp/api/v3/remotes/file/file/022b9887-e8c9-4e71-9750-68769e847372/']}",
{'_created': '2019-08-26T18:53:33.784600Z',
'_href': '/pulp/api/v3/tasks/a5cda2f6-7717-402a-9440-120f8c6926a8/',
'created_resources': [],
'error': {'code': None,
'description': "403, message=''HTTP header "
'"SSL-CLIENT-CERTIFICATE" not found.\'\'',
'traceback': ' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/rq/worker.py", '
'line 822, in perform_job\n'
' rv = job.perform()\n'
' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/rq/job.py", '
'line 605, in perform\n'
' self._result = self._execute()\n'
' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/rq/job.py", '
'line 611, in _execute\n'
' return self.func(*self.args, **self.kwargs)\n'
' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulp_file/app/tasks/synchronizing.py", '
'line 45, in synchronize\n'
' dv.create()\n'
' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/stages/declarative_version.py", '
'line 169, in create\n'
' loop.run_until_complete(pipeline)\n'
' File '
'"/usr/lib64/python3.7/asyncio/base_events.py", line '
'584, in run_until_complete\n'
' return future.result()\n'
' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/stages/api.py", '
'line 209, in create_pipeline\n'
' await asyncio.gather(*futures)\n'
' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/stages/api.py", '
'line 43, in __call__\n'
' await self.run()\n'
' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulp_file/app/tasks/synchronizing.py", '
'line 73, in run\n'
' result = await downloader.run()\n'
' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/download/base.py", '
'line 212, in run\n'
' return await self._run(extra_data=extra_data)\n'
' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/backoff/_async.py", '
'line 131, in retry\n'
' ret = await target(*args, **kwargs)\n'
' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/pulpcore/plugin/download/http.py", '
'line 183, in _run\n'
' response.raise_for_status()\n'
' File '
'"/usr/local/lib/pulp/lib64/python3.7/site-packages/aiohttp/client_reqrep.py", '
'line 942, in raise_for_status\n'
' headers=self.headers)\n'},
'finished_at': '2019-08-26T18:53:34.022794Z',
'name': 'pulp_file.app.tasks.synchronizing.synchronize',
'non_fatal_errors': [],
'parent': None,
'progress_reports': [{'done': 0,
'message': 'Downloading Metadata',
'state': 'failed',
'suffix': None,
'total': None},
{'done': 0,
'message': 'Downloading Artifacts',
'state': 'canceled',
'suffix': None,
'total': None},
{'done': 0,
'message': 'Associating Content',
'state': 'canceled',
'suffix': None,
'total': None}],
'reserved_resources_record': ['/pulp/api/v3/repositories/53654e44-790d-482d-b07a-ef5192a921e1/',
'/pulp/api/v3/remotes/file/file/022b9887-e8c9-4e71-9750-68769e847372/'],
'spawned_tasks': [],
'started_at': '2019-08-26T18:53:33.890968Z',
'state': 'failed',
'worker': '/pulp/api/v3/workers/9b793a30-2911-46f8-95e6-e35f19650c03/'})
Pulp installation from source August/26.
(pulp) [root@localhost ~]# pip list | grep pulp
pulp-ansible 0.2.0b3.dev0
pulp-certguard 0.1.0rc1
pulp-docker 4.0.0b6.dev0
pulp-file 0.1.0b2.dev0
pulp-rpm 3.0.0b5.dev0
pulpcore 3.0.0rc5.dev0
pulpcore-plugin 0.1.0rc5.dev0
Code used to create those resources: https://git.io/fjAQC
Related issues
Updated by kersom about 5 years ago
- Related to Test #5036: Test that syncing protected content works added
Updated by kersom about 5 years ago
- Related to Issue #4506: ssl_client_* and ssl_ca_certificate remote options are difficult to use added
Updated by amacdona@redhat.com about 5 years ago
- Triaged changed from No to Yes
- Sprint set to Sprint 58
Updated by pulpbot almost 3 years ago
- Description updated (diff)
- Status changed from NEW to CLOSED - DUPLICATE
Actions
.