Bug 1445428
Summary: | httpd: HTTP Error 400 - Bad Request | ||
---|---|---|---|
Product: | [Community] Spacewalk | Reporter: | vinzenz.meier |
Component: | Server | Assignee: | Tomáš Kašpárek <tkasparek> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Red Hat Satellite QA List <satqe-list> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 2.6 | CC: | c.lilwah, ggainey, matthewgwilkinson |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-06-19 08:17:36 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1484117 |
Description
vinzenz.meier
2017-04-25 16:09:56 UTC
I too am having this issue. I did a fresh install of spacewalk yesterday apachectl -v Server version: Apache/2.4.6 (CentOS) Server built: Apr 12 2017 21:03:28 On the client, if I edit the serverURL in /etc/sysconfig/rhn/up2date to either http or https it gives me the same error on yum check-update http: failed to retrieve repodata/repomd.xml from **** error was [Errno 14] HTTP Error 400 - Bad Request https failed to retrieve repodata/repomd.xml from **** error was [Errno 14] HTTPS Error 400 - Bad Request additionally, I get D: local action status: ((6,), 'Fatal error in Python code occurred', {}) from rhn_check -vv rhn_check -vv D: do_call packages.checkNeedUpdate('rhnsd=1',){} Loaded plugins: fastestmirror, rhnplugin D: login(forceUpdate=False) invoked D: readCachedLogin invoked D: Checking pickled loginInfo, currentTime=1493177702.55, createTime=1493177520.76, expire-offset=3600.0 D: readCachedLogin(): using pickled loginInfo set to expire at 1493181120.76 D: rpcServer: Calling XMLRPC up2date.listChannels This system is receiving updates from RHN Classic or Red Hat Satellite. Loading mirror speeds from cached hostfile * base: mirror.netflash.net * epel: mirror.steadfast.net * extras: centos.mirror.rafal.ca * updates: mirror.csclub.uwaterloo.ca updateLoginInfo() login info D: login(forceUpdate=True) invoked logging into up2date server D: rpcServer: Calling XMLRPC up2date.login D: writeCachedLogin() invoked D: Wrote pickled loginInfo at 1493177705.25 with expiration of 1493181305.25 seconds. successfully retrieved authentication token from up2date server D: logininfo:{'X-RHN-Server-Id': 1000010002, 'X-RHN-Auth-Server-Time': '1493177706.24', 'X-RHN-Auth-Channels': [['centos7_parent', '20170425161252', '1', '1'], ['centos7', '20170425161948', '0', '1']], 'X-RHN-Auth': 'CXy/TcybsxQtQG1DkALcWy2GDW/ceJz9flgU4lXOsRs=', 'X-RHN-Auth-User-Id': '', 'X-RHN-Auth-Expire-Offset': '3600.0'} updateLoginInfo() login info D: login(forceUpdate=True) invoked logging into up2date server D: rpcServer: Calling XMLRPC up2date.login D: writeCachedLogin() invoked D: Wrote pickled loginInfo at 1493177705.29 with expiration of 1493181305.29 seconds. successfully retrieved authentication token from up2date server D: logininfo:{'X-RHN-Server-Id': 1000010002, 'X-RHN-Auth-Server-Time': '1493177706.27', 'X-RHN-Auth-Channels': [['centos7_parent', '20170425161252', '1', '1'], ['centos7', '20170425161948', '0', '1']], 'X-RHN-Auth': 'w9GnU+NtfqOO5uc7e6VQGJCd664a4kzfNJ/pBgO4ya8=', 'X-RHN-Auth-User-Id': '', 'X-RHN-Auth-Expire-Offset': '3600.0'} updateLoginInfo() login info D: login(forceUpdate=True) invoked logging into up2date server D: rpcServer: Calling XMLRPC up2date.login D: writeCachedLogin() invoked D: Wrote pickled loginInfo at 1493177705.34 with expiration of 1493181305.34 seconds. successfully retrieved authentication token from up2date server D: logininfo:{'X-RHN-Server-Id': 1000010002, 'X-RHN-Auth-Server-Time': '1493177706.33', 'X-RHN-Auth-Channels': [['centos7_parent', '20170425161252', '1', '1'], ['centos7', '20170425161948', '0', '1']], 'X-RHN-Auth': 'J0Lvv2Vwu3SNSMw4y5ws+k7tMyLcWwzZLPorNEPJYU8=', 'X-RHN-Auth-User-Id': '', 'X-RHN-Auth-Expire-Offset': '3600.0'} D: local action status: ((6,), 'Fatal error in Python code occurred', {}) D: rpcServer: Calling XMLRPC registration.welcome_message also tried visiting the url in web browser. output is below. Request URL:http://[my spacewalk fqdn]/XMLRPC/GET-REQ/centos7/repodata/repomd.xml Request Method:GET Status Code:405 Method Not Allowed Remote Address:[spacewalk server ip address]:80 Referrer Policy:no-referrer-when-downgrade same response with wget. for comparison to the above packages, here is my package list as well client: rpm -qa|egrep 'rhn|spacewalk' rhn-client-tools-2.6.8-1.el7.noarch rhn-setup-2.6.8-1.el7.noarch rhn-check-2.6.8-1.el7.noarch rhn-org-trusted-ssl-cert-1.0-1.noarch spacewalk-backend-usix-2.6.77-1.el7.noarch rhncfg-client-5.10.99-1.el7.noarch rhncfg-management-5.10.99-1.el7.noarch spacewalk-client-repo-2.6-0.el7.noarch rhnlib-2.6.3-1.el7.noarch yum-rhn-plugin-2.6.3-1.el7.noarch rhnsd-5.0.25-1.el7.x86_64 rhncfg-5.10.99-1.el7.noarch rhncfg-actions-5.10.99-1.el7.noarch server: rpm -qa|egrep 'httpd|spacewalk|rhn'|sort httpd-2.4.6-45.el7.centos.4.x86_64 httpd-tools-2.4.6-45.el7.centos.4.x86_64 rhn-client-tools-2.6.8-1.el7.noarch rhnlib-2.6.3-1.el7.noarch rhn-org-httpd-ssl-key-pair-spacewalk.lab-1.0-1.noarch rhnpush-5.5.101-1.el7.noarch spacewalk-admin-2.6.1-1.el7.noarch spacewalk-backend-2.6.77-1.el7.noarch spacewalk-backend-app-2.6.77-1.el7.noarch spacewalk-backend-applet-2.6.77-1.el7.noarch spacewalk-backend-config-files-2.6.77-1.el7.noarch spacewalk-backend-config-files-common-2.6.77-1.el7.noarch spacewalk-backend-config-files-tool-2.6.77-1.el7.noarch spacewalk-backend-iss-2.6.77-1.el7.noarch spacewalk-backend-iss-export-2.6.77-1.el7.noarch spacewalk-backend-libs-2.6.77-1.el7.noarch spacewalk-backend-package-push-server-2.6.77-1.el7.noarch spacewalk-backend-server-2.6.77-1.el7.noarch spacewalk-backend-sql-2.6.77-1.el7.noarch spacewalk-backend-sql-postgresql-2.6.77-1.el7.noarch spacewalk-backend-tools-2.6.77-1.el7.noarch spacewalk-backend-usix-2.6.77-1.el7.noarch spacewalk-backend-xml-export-libs-2.6.77-1.el7.noarch spacewalk-backend-xmlrpc-2.6.77-1.el7.noarch spacewalk-base-2.6.6-1.el7.noarch spacewalk-base-minimal-2.6.6-1.el7.noarch spacewalk-base-minimal-config-2.6.6-1.el7.noarch spacewalk-branding-2.5.3-1.el7.noarch spacewalk-certs-tools-2.5.3-1.el7.noarch spacewalk-common-2.6.1-1.el7.noarch spacewalk-config-2.6.5-1.el7.noarch spacewalk-doc-indexes-2.6.2-1.el7.noarch spacewalk-html-2.6.6-1.el7.noarch spacewalk-java-2.6.49-1.el7.noarch spacewalk-java-config-2.6.49-1.el7.noarch spacewalk-java-lib-2.6.49-1.el7.noarch spacewalk-java-postgresql-2.6.49-1.el7.noarch spacewalk-jpp-workaround-2.3.5-1.el7.noarch spacewalk-postgresql-2.6.1-1.el7.noarch spacewalk-repo-2.6-0.el7.noarch spacewalk-schema-2.6.17-1.el7.noarch spacewalk-search-2.6.1-1.el7.noarch spacewalk-selinux-2.3.2-1.el7.noarch spacewalk-setup-2.6.2-1.el7.noarch spacewalk-setup-jabberd-2.3.2-1.el7.noarch spacewalk-setup-postgresql-2.6.2-1.el7.noarch spacewalk-taskomatic-2.6.49-1.el7.noarch i hope this additional information helps So what's happening here is the result of an update to httpd, that enforces strict whitespace rules, that uncovered a bug in yum-rhn-plugin that was introduced in 2010. (THhe spacewalk commit that started us down this path, for anyone who is interested, is 213b97e38dd75007281b37e3180dc68b736f2fac ) yum-rhn-plugin has been fixed, but a client without the fix yet won't be able to call home to *get* the fix, if the server has the new httpd. There are two workarounds available: One is to downgrade httpd to something *before* 2.4.25. The other is to add an httpd config option that *turns off" strict-whitespace-enforcing until all your clients have a corrected yum-rhn-plugin. You can do that with the following: # echo “HTTPProtocolOptions unsafe” >> /etc/httpd/conf.d/123unsafe.conf; systemctl restart httpd That will put httpd back to its pre-2.4.25 behavior. spacewalk-nightly has both fixes, so they will be standard when 2.7 is released Hi Grant I have tested and confirmed it works. I did believe that it was related to the strict whitespace rules but then I saw in /etc/httpd/conf.d/aa-spacewalk-server.conf <IfVersion >= 2.4.25> HTTPProtocolOptions unsafe </IfVersion> <IfDefine _RH_HAS_HTTPPROTOCOLOPTIONS> HTTPProtocolOptions unsafe </IfDefine> so I thought it was already covered by those. the above fix seems more global. thanks for your help The latest httpd on RHEL7 is Available Packages Name : httpd Arch : x86_64 Version : 2.4.6 Release : 45.el7_3.4 Size : 1.2 M Repo : rhel-x86_64-server-7 Summary : Apache HTTP Server License : ASL 2.0 Description : The Apache HTTP Server is a powerful, efficient, and extensible : web server. So the strict whitespaceing must have been backported in this latest release - and the version macro cannot catch this (In reply to vinzenz.meier from comment #4) > The latest httpd on RHEL7 is > Available Packages > Name : httpd > Arch : x86_64 > Version : 2.4.6 > Release : 45.el7_3.4 > Size : 1.2 M > Repo : rhel-x86_64-server-7 > Summary : Apache HTTP Server > License : ASL 2.0 > Description : The Apache HTTP Server is a powerful, efficient, and extensible > : web server. > > > So the strict whitespaceing must have been backported in this latest release > - and the version macro cannot catch this Hey Vinzenz - yes indeed. See the last paragraph in https://bugzilla.redhat.com/show_bug.cgi?id=1442477#c5 , we're investigating the 'right way' to make this work for RHEL7. Just published a kbase on the details of what's going on here - see https://access.redhat.com/articles/3013361 for all the fun. Grant - is there any way for the current yum-rhn-plugin to get updated for Spacewalk Client 2.6 repo? We'd like to fix our clients now and have the httpd updated on the server in a secure fashion. If not, I assume we have to wait for SW 2.7? Looks like it was indeed updated. Thanks! (In reply to Matt Wilkinson from comment #8) > Looks like it was indeed updated. Thanks! Ah yes - sorry, forgot to update here when we mashed out the client update :) As the update is already present in Spacewalk 2.6 client. I am closing this BZ. This BZ closed some time during 2.5, 2.6 or 2.7. Adding to 2.7 tracking bug. |