Bug 481042

Summary: ssl connection timeout causes unhandled exception during satellite install
Product: Red Hat Enterprise Linux 5 Reporter: Brent Holden <bholden>
Component: yum-rhn-pluginAssignee: Pradeep Kilambi <pkilambi>
Status: CLOSED ERRATA QA Contact: Garik Khachikyan <gkhachik>
Severity: medium Docs Contact:
Priority: low    
Version: 5.3CC: bperkins, cperry, gkhachik, mkoci, pkilambi, rlerch
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
the software updater (pup) did not parse OpenSSL error messages correctly. Therefore, when it encountered an invalid or missing SSL certificate, the updater would crash. The parsing code is now corrected, so invalid or missing SSL certificate will not result in a crash.
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-09-02 11:22:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Brent Holden 2009-01-21 21:32:25 UTC
Description of problem:

During an installation of Satellite from RHN, if there is an SSL connection timeout it causes an unhandled traceback from yum.

Version-Release number of selected component (if applicable):

RHEL 5.3
yum 3.2.19-18
RHN Satellite 5.2.0


Steps to Reproduce:
1. Start install RHN Satellite
2. Firewall all outgoing connections during yum connection to RHN
  
Actual results:

Downloading Packages:
Traceback (most recent call last):
  File "/usr/bin/yum", line 29, in ?
    yummain.user_main(sys.argv[1:], exit_code=True)
  File "/usr/share/yum-cli/yummain.py", line 229, in user_main
    errcode = main(args)
  File "/usr/share/yum-cli/yummain.py", line 181, in main
    return_code = base.doTransaction()
  File "/usr/share/yum-cli/cli.py", line 386, in doTransaction
    problems = self.downloadPkgs(downloadpkgs, callback_total=self.download_callback_total_cb) 
  File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 1148, in downloadPkgs
    cache=po.repo.http_caching != 'none',
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 709, in getPackage
    cache=cache
  File "/usr/lib/yum-plugins/rhnplugin.py", line 291, in _getFile
    start, end, copy_local, checkfunc, text, reget, cache)
  File "/usr/lib/yum-plugins/rhnplugin.py", line 383, in _noExceptionWrappingGet
    timeout=self.timeout
  File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 934, in urlgrab
    return self._retry(opts, retryfunc, url, filename)
  File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 852, in _retry
    r = apply(func, (opts,) + args, {})
  File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 920, in retryfunc
    fo = URLGrabberFileObject(url, filename, opts)
  File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 1008, in __init__
    self._do_open()
  File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 1091, in _do_open
    fo, hdr = self._make_request(req, opener)
  File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 1200, in _make_request
    fo = opener.open(req)
  File "/usr/lib/python2.4/urllib2.py", line 358, in open
    response = self._open(req, data)
  File "/usr/lib/python2.4/urllib2.py", line 376, in _open
    '_open', req)
  File "/usr/lib/python2.4/urllib2.py", line 337, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.4/site-packages/M2Crypto/m2urllib2.py", line 66, in https_open
    h.request(req.get_method(), req.get_full_url(), req.data, headers)
  File "/usr/lib/python2.4/httplib.py", line 810, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.4/httplib.py", line 833, in _send_request
    self.endheaders()
  File "/usr/lib/python2.4/httplib.py", line 804, in endheaders
    self._send_output()
  File "/usr/lib/python2.4/httplib.py", line 685, in _send_output
    self.send(msg)
  File "/usr/lib/python2.4/httplib.py", line 652, in send
    self.connect()
  File "/usr/lib/python2.4/site-packages/M2Crypto/httpslib.py", line 47, in connect
    self.sock.connect((self.host, self.port))
  File "/usr/lib/python2.4/site-packages/M2Crypto/SSL/Connection.py", line 156, in connect
    ret = self.connect_ssl()
  File "/usr/lib/python2.4/site-packages/M2Crypto/SSL/Connection.py", line 149, in connect_ssl
    return m2.ssl_connect(self.ssl, self._timeout)
M2Crypto.SSL.SSLError: (104, 'Connection reset by peer')



Expected results:

Graceful handling of a timeout

Comment 3 Garik Khachikyan 2009-07-23 12:05:18 UTC
# VERIFIED

Checked the ssl connection timeout case for:
RHEL5.4-Server-20090715.0
yum-3.2.22-20.el5
Satellite-5.3.0-RHEL5-re20090722.1

Scenario is:
1. Start install.pl of RHN Satellite.
2. In a stage of downloading packages / checking package dependencies firewall outgoing packages (iptables DROP) from port 443.

Here is a output after when system ends installation process with timeout:
---
* Applying updates.
* Installing RHN packages.
Could not install RHN packages.  Most likely your system is not configured with the @Base package group.  See the RHN Satellite Server Installation Guide for more information about Software Requirements.  Exit value: 1.
Please examine /var/log/rhn/rhn-installation.log for more information.
---

And the trace from /var/log/rhn/rhn-installation.log says:
---
Error: Error communicating with server. The message was:
timed out
 You could try using --skip-broken to work around the problem
 You could try running: package-cleanup --problems
                        package-cleanup --dupes
                        rpm -Va --nofiles --nodigest
---

So the trackeback issue is fixed. More readable output is shown.

Comment 6 Ruediger Landmann 2009-08-28 01:49:40 UTC
Release note added. If any revisions are required, please set the 
"requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

New Contents:
the software updater (pup) did not parse OpenSSL error messages 
correctly. Therefore, when it encountered an invalid or missing SSL 
certificate, the updater would crash. The parsing code is now corrected, 
so invalid or missing SSL certificate will not result in a crash.

Comment 7 errata-xmlrpc 2009-09-02 11:22:46 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1355.html