Bug 1430836
| Summary: | Sync Plan tasks not showing updates in Tasks or sync status | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Dylan Gross <dgross> | ||||
| Component: | Sync Plans | Assignee: | Partha Aji <paji> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Peter Ondrejka <pondrejk> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 6.2.8 | CC: | ajambhul, ajoseph, anerurka, bbuckingham, bkearney, bmbouter, bschmaus, cduryee, chrobert, daviddavis, dgross, dkliban, ggainey, gscarbor, hmore, hprakash, igreen, ipanova, jbhatia, jroberts, ktordeur, lilu, mdekan, mhrivnak, mkalyat, mmccune, mmithaiw, nshaik, paji, phess, rchan, rdixon, smane, ttereshc, vanhoof, wpinheir, zhunting | ||||
| Target Milestone: | 6.4.0 | Keywords: | Triaged | ||||
| Target Release: | Unused | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | tfm-rubygem-katello-3.7.0.14-1 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2018-10-16 19:21:28 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1724792, 1546813 | ||||||
| Attachments: |
|
||||||
Since the underlying Pulp tasks appear to be running fine, I'm switching the component over to one that Foreman devs monitor. *** Bug 1452055 has been marked as a duplicate of this bug. *** In my case sync plan is working if run through API Sat 6.2.2 # curl -u <satellite-admin-user>:<satellite-admin-user-password> -k -X PUT https://<satellite-fqdn>/katello/api/organizations/<org-id>/sync_plans/<sync-plan-id>/sync -H 'content-type: application/json' e.g. [root@satellite ~]# curl -u admin:admin-pass -k -X PUT https://mysatellite.com/katello/api/organizations/1/sync_plans/1/sync -H 'content-type: application/json' To get the sync plan id, login to hammer shell and run the commands below [root@satellite ~]# hammer shell > organization list > sync-plan list --organization-id <org-ID> > exit Created attachment 1287441 [details]
python script to get a URL
This attached script will GET a URL using the same library as Pulp. It can be used to test if SSL trust is being established. Just change the value of the URL on line 5.
This bug has become a collection point for issues related to certificate errors and package misconfiguration issues (wrong python-requests version installed) that effect proper Sync Plan tasks from being handled properly. We are tracking a more appropriate bug https://bugzilla.redhat.com/show_bug.cgi?id=1466919 that will contain a fix for situations where synchronizations are interrupted during an outage and the tasks are not properly cleaned up. This bug is being moved out of active work by development but will be monitored if we determine if there are code changes necessary to prevent this issue. (In reply to Mike McCune from comment #39) > This bug has become a collection point for issues related to certificate > errors and package misconfiguration issues (wrong python-requests version > installed) that effect proper Sync Plan tasks from being handled properly. > > We are tracking a more appropriate bug > https://bugzilla.redhat.com/show_bug.cgi?id=1466919 that will contain a fix > for situations where synchronizations are interrupted during an outage and > the tasks are not properly cleaned up. This bug is being moved out of active > work by development but will be monitored if we determine if there are code > changes necessary to prevent this issue. At least for case 01681610, having in mind the long time taken to nail down the culprit (certificates) Wouldn't it be possible to enhance Satelllite with - An error message or other type of notification when an operation (or part of it) fails due to a certificate issue - Some kind of a health check tool which will verify certificates validity *** Bug 1393615 has been marked as a duplicate of this bug. *** I got the same issue on the internal satellite tls-ca-bundle.pem points to some custom cert, but I'm using Red Hat default self-signed certificates .... # rct cat-cert /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem +-------------------------------------------+ Identity Certificate +-------------------------------------------+ Certificate: Path: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem Version: 1.0 Serial: XXXXX Start Date: 2011-05-05 09:37:37+00:00 End Date: 2030-12-31 09:37:37+00:00 Alt Name: XXXX Subject: C: ES CN: XXXX O: XXXX OU: XXX Issuer: C: ES CN: XXX O: XXX OU: XXX This fixed it: # cp /etc/pki/katello/certs/katello-server-ca.crt /etc/pki/ca-trust/source/anchors/ # update-ca-trust # katello-service restart # rct cat-cert /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem +-------------------------------------------+ Identity Certificate +-------------------------------------------+ Certificate: Path: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem Version: 1.0 Serial: 14773245178775375229 Start Date: 2017-01-19 10:46:42+00:00 End Date: 2038-01-18 10:46:42+00:00 Alt Name: Subject: C: US CN: mdekan-rhel7-sat62.gsslab.brq.redhat.com L: Raleigh O: Katello OU: SomeOrgUnit ST: North Carolina Issuer: C: US CN: mdekan-rhel7-sat62.gsslab.brq.redhat.com L: Raleigh O: Katello OU: SomeOrgUnit ST: North Carolina No more post_sync request error when pulp is talking to katello after completed and successful repository sync: Dec 23 12:00:01 mdekan-rhel7-sat62 pulp: pulp_rpm.plugins.importers.yum.sync:INFO: Downloading additional units. Dec 23 12:00:02 mdekan-rhel7-sat62 pulp: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (1): cdn.redhat.com Dec 23 12:00:04 mdekan-rhel7-sat62 pulp: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (1): cdn.redhat.com Dec 23 12:00:06 mdekan-rhel7-sat62 pulp: pulp_rpm.plugins.importers.yum.sync:INFO: Sync complete. Got the same issue on my Satellite 6.1 installation, KCS updated. Faced this issue with a customer today, solution was in pip. Root cause for the SSL failure: customer had installed the 'certifi' python package via pip. As soon as we uninstalled 'certifi' the SSL failure was gone and sync plans started working perfectly again. # pip uninstall certifi The Pulp upstream bug status is at NEW. Updating the external tracker on this bug. The Pulp upstream bug priority is at Normal. Updating the external tracker on this bug. The Pulp upstream bug status is at ASSIGNED. Updating the external tracker on this bug. The Pulp upstream bug status is at POST. Updating the external tracker on this bug. The Pulp upstream bug status is at MODIFIED. Updating the external tracker on this bug. All upstream Pulp bugs are at MODIFIED+. Moving this bug to POST. Connecting redmine issue https://projects.theforeman.org/issues/24083 from this bug *** Bug 1579378 has been marked as a duplicate of this bug. *** Verified on Sat 6.4 snap 21, scheduled sync is now correctly reflected on tasks and sync status page. The Pulp upstream bug status is at CLOSED - CURRENTRELEASE. Updating the external tracker on this bug. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:2927 |
Description of problem: Since upgrading from 6.1 to 6.2, Sync plans have not been updating in the Satellite. Version-Release number of selected component (if applicable): 6.2.8 How reproducible: Unknown Actual results: Sync Plans actually execute based on logs and new content showing up, and are the sync plan is reflected in the mongodb. However, the "Syncrhonize repoisitory" tasks don't show up in the foreman tasks, and the "Sync Status" page does not get updated to reflect the last sync. Expected results: The foreman tasks should show up and the sync status page should be updated when a Repository sync happens via pulp. Additional info: This affects not just sync plans created before upgrading to 6.2, but also newly created sync plans.