Bug 1414529
| Summary: | Unhelpful error message if a product certificate is corrupted. | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Barnaby Court <bcourt> |
| Component: | subscription-manager | Assignee: | Jiri Hnidek <jhnidek> |
| Status: | CLOSED ERRATA | QA Contact: | John Sefler <jsefler> |
| Severity: | low | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.3 | CC: | jhnidek, khowell, redakkan, skallesh |
| Target Milestone: | rc | Keywords: | EasyFix, Triaged |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | subscription-manager-1.20.2-1 | Doc Type: | No Doc Update |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-04-10 09:47:31 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Reproducing the failure on python-rhsm-1.17.9-1.el7.x86_64 (on rhel73 machine)
subscription management server: 2.0.41-1
subscription management rules: 5.26
subscription-manager: 1.17.15-1.el7
python-rhsm: 1.17.9-1.el7
Steps
=====
1) have one or more product id files
[root@kvm-02-guest07 ~]# ls /etc/pki/product
100000000000000.pem 100000000000002.pem 100000000000006.pem 100000000000060.pem 213412341234.pem 213412341237.pem 37060.pem 37067.pem 37070.pem 37091.pem 6050.pem 806.pem 908.pem
100000000000001.pem 100000000000003.pem 100000000000011.pem 100000000000069.pem 213412341235.pem 27060.pem 37062.pem 37068.pem 37080.pem 5050.pem 6051.pem 88888.pem 917571.pem
1000000000000023.pem 100000000000005.pem 100000000000020.pem 1.pem 213412341236.pem 32060.pem 37065.pem 37069.pem 37090.pem 5051.pem 801.pem 900.pem 98121.pem
[root@kvm-02-guest07 ~]# ls /etc/pki/product-default/
69.pem
2) modify the product cert file with junk values
vi /etc/pki/product-default/69.pem
3) Execute subscription-manager list --installed
[root@kvm-02-guest07 ~]# subscription-manager list --installed
Error loading certificate
rhsm.log
===========
2017-10-26 08:21:17,674 [INFO] subscription-manager:28056:MainThread @managercli.py:384 - Client Versions: {'python-rhsm': '1.17.9-1.el7', 'subscription-manager': '1.17.15-1.el7'}
2017-10-26 08:21:17,675 [INFO] subscription-manager:28056:MainThread @connection.py:830 - Connection built: host=subscription.rhsm.redhat.com port=443 handler=/subscription auth=identity_cert ca_dir=/etc/rhsm/ca/ verify=False
2017-10-26 08:21:17,675 [INFO] subscription-manager:28056:MainThread @connection.py:830 - Connection built: host=subscription.rhsm.redhat.com port=443 handler=/subscription auth=none
2017-10-26 08:21:17,699 [ERROR] subscription-manager:28056:MainThread @managercli.py:174 - exception caught in subscription-manager
Error loading certificate
2017-10-26 08:21:17,700 [ERROR] subscription-manager:28056:MainThread @managercli.py:175 - Error loading certificate
Traceback (most recent call last):
File "/usr/sbin/subscription-manager", line 81, in <module>
sys.exit(abs(main() or 0))
File "/usr/sbin/subscription-manager", line 72, in main
return managercli.ManagerCLI().main()
File "/usr/lib/python2.7/site-packages/subscription_manager/managercli.py", line 2744, in main
return CLI.main(self)
File "/usr/lib/python2.7/site-packages/subscription_manager/cli.py", line 160, in main
return cmd.main()
File "/usr/lib/python2.7/site-packages/subscription_manager/managercli.py", line 526, in main
return_code = self._do_command()
File "/usr/lib/python2.7/site-packages/subscription_manager/managercli.py", line 2294, in _do_command
iproducts = get_installed_product_status(self.product_dir, self.entitlement_dir, self.cp, self.options.filter_string)
File "/usr/lib/python2.7/site-packages/subscription_manager/managercli.py", line 238, in get_installed_product_status
sorter = inj.require(inj.CERT_SORTER)
File "/usr/lib/python2.7/site-packages/subscription_manager/injection.py", line 103, in require
return FEATURES.require(feature, *args, **kwargs)
File "/usr/lib/python2.7/site-packages/subscription_manager/injection.py", line 77, in require
self.providers[feature] = provider()
File "/usr/lib/python2.7/site-packages/subscription_manager/cert_sorter.py", line 322, in __init__
self.installed_mgr = inj.require(inj.INSTALLED_PRODUCTS_MANAGER)
File "/usr/lib/python2.7/site-packages/subscription_manager/injection.py", line 103, in require
return FEATURES.require(feature, *args, **kwargs)
File "/usr/lib/python2.7/site-packages/subscription_manager/injection.py", line 77, in require
self.providers[feature] = provider()
File "/usr/lib/python2.7/site-packages/subscription_manager/cache.py", line 433, in __init__
self._setup_installed()
File "/usr/lib/python2.7/site-packages/subscription_manager/cache.py", line 488, in _setup_installed
for prod_cert in self.product_dir.list():
File "/usr/lib/python2.7/site-packages/subscription_manager/certdirectory.py", line 229, in list
default_prod_list = self.default_prod_dir.list()
File "/usr/lib/python2.7/site-packages/subscription_manager/certdirectory.py", line 121, in list
listing.append(create_from_file(path))
File "/usr/lib64/python2.7/site-packages/rhsm/certificate.py", line 59, in create_from_file
return _CertFactory().create_from_file(path)
File "/usr/lib64/python2.7/site-packages/rhsm/certificate2.py", line 70, in create_from_file
return self._read_x509(_certificate.load(path), path, pem)
File "/usr/lib64/python2.7/site-packages/rhsm/certificate2.py", line 82, in _read_x509
raise CertificateException("Error loading certificate")
CertificateException: Error loading certificate
Marking this bug as verified and for multiple corrupt cert issue the following bug has been logged: https://bugzilla.redhat.com/show_bug.cgi?id=1506958

[root@dhcp35-121 ~]# subscription-manager version
server type: This system is currently not registered.
subscription management server: 2.2.0-1
subscription management rules: 5.26
subscription-manager: 1.20.5-1.el7

[root@dhcp35-121 ~]# ls /etc/pki/product/
100000000000000.pem 100000000000003.pem 100000000000020.pem 213412341234.pem 27060.pem 37065.pem 37070.pem 5050.pem 801.pem 908.pem
100000000000001.pem 100000000000005.pem 100000000000060.pem 213412341235.pem

modified the product cert file with junk values
vi /etc/pki/product-default/69.pem
[root@dhcp35-121 ~]# ls /etc/pki/product-default/
69.pem
[root@dhcp35-121 ~]# subscription-manager list --installed
System certificates corrupted. Please reregister.
[root@dhcp35-121 ~]# tail -f /var/log/rhsm/rhsm.log
self._tunnel()
File "/usr/lib64/python2.7/httplib.py", line 792, in _tunnel
message.strip()))
error: Tunnel connection failed: 407 Proxy Authentication Required
2017-11-10 14:29:06,136 [ERROR] subscription-manager:4442:MainThread @identity.py:145 - Reload of consumer identity cert /etc/pki/consumer/cert.pem raised an exception with msg: [Errno 2] No such file or directory: '/etc/pki/consumer/key.pem'
2017-11-10 14:29:06,143 [INFO] subscription-manager:4442:MainThread @managercli.py:453 - X-Correlation-ID: bb4351be7527421d8edc3a69bb52f360
2017-11-10 14:29:06,144 [INFO] subscription-manager:4442:MainThread @managercli.py:342 - Client Versions: {'python-rhsm': '0.0.0-1', 'subscription-manager': '1.20.5-1.el7'}
2017-11-10 14:29:06,144 [INFO] subscription-manager:4442:MainThread @connection.py:836 - Connection built: host=F21-candlepin.usersys.redhat.com port=8443 handler=/candlepin auth=identity_cert ca_dir=/etc/rhsm/ca/ insecure=False
2017-11-10 14:29:06,145 [INFO] subscription-manager:4442:MainThread @connection.py:836 - Connection built: host=F21-candlepin.usersys.redhat.com port=8443 handler=/candlepin auth=none
2017-11-10 14:29:06,175 [ERROR] subscription-manager:4442:MainThread @managercli.py:506 - Error loading certificate: /etc/pki/product-default/69.pem

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0681
Description of problem:
If a product certificate is corrupted the error message is not very helpful. For example:

2017-01-18 18:00:41,683 [INFO] subscription-manager:31445:MainThread @managercli.py:384 - Client Versions: {'python-rhsm': '1.17.9-1.el7', 'subscription-manager': '1.17.15-1.el7.centos'}
2017-01-18 18:00:41,683 [INFO] subscription-manager:31445:MainThread @connection.py:830 - Connection built: host=https://devel.example.com port=443 handler=/rhsm auth=identity_cert ca_dir=/etc/rhsm/ca/ verify=True
2017-01-18 18:00:41,684 [INFO] subscription-manager:31445:MainThread @connection.py:830 - Connection built: host=https://devel.example.com port=443 handler=/rhsm auth=none
2017-01-18 18:00:41,684 [INFO] subscription-manager:31445:MainThread @managercli.py:384 - Client Versions: {'python-rhsm': '1.17.9-1.el7', 'subscription-manager': '1.17.15-1.el7.centos'}
2017-01-18 18:00:41,684 [INFO] subscription-manager:31445:MainThread @managercli.py:359 - Consumer Identity name=None uuid=None
2017-01-18 18:00:41,685 [ERROR] subscription-manager:31445:MainThread @managercli.py:174 - exception caught in subscription-manager
2017-01-18 18:00:41,685 [ERROR] subscription-manager:31445:MainThread @managercli.py:175 - Error loading certificate
Traceback (most recent call last):
File "/sbin/subscription-manager", line 81, in <module>
sys.exit(abs(main() or 0))
File "/sbin/subscription-manager", line 72, in main
return managercli.ManagerCLI().main()
File "/usr/lib/python2.7/site-packages/subscription_manager/managercli.py", line 2744, in main
return CLI.main(self)
File "/usr/lib/python2.7/site-packages/subscription_manager/cli.py", line 160, in main
return cmd.main()
File "/usr/lib/python2.7/site-packages/subscription_manager/managercli.py", line 526, in main
return_code = self._do_command()
File "/usr/lib/python2.7/site-packages/subscription_manager/managercli.py", line 1070, in _do_command
self.installed_mgr = inj.require(inj.INSTALLED_PRODUCTS_MANAGER)
File "/usr/lib/python2.7/site-packages/subscription_manager/injection.py", line 103, in require
return FEATURES.require(feature, *args, **kwargs)
File "/usr/lib/python2.7/site-packages/subscription_manager/injection.py", line 77, in require
self.providers[feature] = provider()
File "/usr/lib/python2.7/site-packages/subscription_manager/cache.py", line 433, in __init__
self._setup_installed()
File "/usr/lib/python2.7/site-packages/subscription_manager/cache.py", line 488, in _setup_installed
for prod_cert in self.product_dir.list():
File "/usr/lib/python2.7/site-packages/subscription_manager/certdirectory.py", line 228, in list
installed_prod_list = self.installed_prod_dir.list()
File "/usr/lib/python2.7/site-packages/subscription_manager/certdirectory.py", line 121, in list
listing.append(create_from_file(path))
File "/usr/lib64/python2.7/site-packages/rhsm/certificate.py", line 59, in create_from_file
return _CertFactory().create_from_file(path)
File "/usr/lib64/python2.7/site-packages/rhsm/certificate2.py", line 70, in create_from_file
return self._read_x509(_certificate.load(path), path, pem)
File "/usr/lib64/python2.7/site-packages/rhsm/certificate2.py", line 82, in _read_x509
raise CertificateException("Error loading certificate")
CertificateException: Error loading certificate

This was originally found in python-rhsm-1.17.9-1.el7.x86_64

It would be much more helpful if the python-rhsm error included which certificate it could not load.
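
An added example, not subscription-manager or python-rhsm code, of the behaviour requested in the description: a loader whose exception names the file it could not read. `CertLoadError`, `load_der`, `scan` and `demo` are hypothetical names, the check is structural only (PEM armor, base64, outer DER SEQUENCE) rather than full X.509 parsing, and `scan` goes beyond the request by collecting every unreadable file instead of stopping at the first.

```python
import base64
import re
import tempfile
from pathlib import Path

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s(.*?)-----END", re.S)


class CertLoadError(Exception):
    """Load failure that records which file could not be read."""
    def __init__(self, path, reason):
        super().__init__("Error loading certificate: %s (%s)" % (path, reason))
        self.path = Path(path)


def load_der(path):
    """Return the DER bytes of a PEM file (structural check only)."""
    try:
        body = PEM_RE.search(Path(path).read_text(encoding="ascii"))
        if body is None:
            raise ValueError("no PEM certificate block")
        der = base64.b64decode("".join(body.group(1).split()), validate=True)
        if der[:1] != b"\x30":  # a certificate is one DER SEQUENCE
            raise ValueError("not a DER SEQUENCE")
    except (OSError, ValueError) as exc:  # bad base64/encoding are ValueErrors
        raise CertLoadError(path, exc) from exc
    return der


def scan(directories):
    """Try every *.pem; collect all failures instead of stopping at one."""
    failures = []
    for directory in directories:
        for path in sorted(Path(directory).glob("*.pem")):
            try:
                load_der(path)
            except CertLoadError as exc:
                failures.append(exc)
    return failures


def demo():
    """Constructed sample: one well-formed placeholder, two junk files."""
    pem = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n"
    good = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()  # not a real cert
    files = {"1.pem": pem % good, "69.pem": pem % "junk!", "801.pem": "junk\n"}
    with tempfile.TemporaryDirectory() as root:
        for name, text in files.items():
            Path(root, name).write_text(text)
        return [exc.path.name for exc in scan([root])]
```

On a real host the same scan would be pointed at the two directories from the report, `/etc/pki/product` and `/etc/pki/product-default`.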