Bug 624083

Summary: consumer create fails with SSL error when you use --server option
Product: [Retired] Pulp
Reporter: Preethi Thomas <pthomas>
Component: z_other
Assignee: Mike McCune <mmccune>
Status: CLOSED DUPLICATE
QA Contact: Preethi Thomas <pthomas>
Severity: medium
Priority: medium
Version: unspecified
CC: pkilambi, whayutin
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2010-08-23 15:58:17 UTC

Description Preethi Thomas 2010-08-13 15:34:23 UTC
Description of problem:


[root@preethi pulp]# pulp-client -u admin -p admin consumer create --id=preethi.usersys.redhat.com --description=test-consumer2 --server=preethi
Traceback (most recent call last):
  File "/usr/bin/pulp-client", line 100, in <module>
    PulpRegister().main()
  File "/usr/lib/python2.6/site-packages/pulptools/pulpcli.py", line 108, in main
    cmd.main()
  File "/usr/lib/python2.6/site-packages/pulptools/core/basecore.py", line 115, in main
    self._do_core()
  File "/usr/lib/python2.6/site-packages/pulptools/core/core_consumer.py", line 112, in _do_core
    self._create()
  File "/usr/lib/python2.6/site-packages/pulptools/core/core_consumer.py", line 135, in _create
    consumer = self.cconn.create(self.options.id, self.options.description)
  File "/usr/lib/python2.6/site-packages/pulptools/connection.py", line 265, in create
    return self.conn.request_put(method, params=consumerdata)
  File "/usr/lib/python2.6/site-packages/pulptools/connection.py", line 108, in request_put
    return self._request("PUT", method, params)
  File "/usr/lib/python2.6/site-packages/pulptools/connection.py", line 83, in _request
    headers=self.headers)
  File "/usr/lib64/python2.6/httplib.py", line 898, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib64/python2.6/httplib.py", line 935, in _send_request
    self.endheaders()
  File "/usr/lib64/python2.6/httplib.py", line 892, in endheaders
    self._send_output()
  File "/usr/lib64/python2.6/httplib.py", line 764, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.6/httplib.py", line 723, in send
    self.connect()
  File "/usr/lib64/python2.6/site-packages/M2Crypto/httpslib.py", line 50, in connect
    self.sock.connect((self.host, self.port))
  File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line 184, in connect
    if not check(self.get_peer_cert(), self.addr[0]):
  File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Checker.py", line 123, in __call__
    fieldName='commonName')
M2Crypto.SSL.Checker.WrongHost: Peer certificate commonName does not match host, expected preethi, got localhost
[root@preethi pulp]# 


[root@preethi pulp]# pulp-client -u admin -p admin consumer create --id=preethi.usersys.redhat.com --description=test-consumer2 --server=preethi.usersys.redhat.com 
Traceback (most recent call last):
  File "/usr/bin/pulp-client", line 100, in <module>
    PulpRegister().main()
  File "/usr/lib/python2.6/site-packages/pulptools/pulpcli.py", line 108, in main
    cmd.main()
  File "/usr/lib/python2.6/site-packages/pulptools/core/basecore.py", line 115, in main
    self._do_core()
  File "/usr/lib/python2.6/site-packages/pulptools/core/core_consumer.py", line 112, in _do_core
    self._create()
  File "/usr/lib/python2.6/site-packages/pulptools/core/core_consumer.py", line 135, in _create
    consumer = self.cconn.create(self.options.id, self.options.description)
  File "/usr/lib/python2.6/site-packages/pulptools/connection.py", line 265, in create
    return self.conn.request_put(method, params=consumerdata)
  File "/usr/lib/python2.6/site-packages/pulptools/connection.py", line 108, in request_put
    return self._request("PUT", method, params)
  File "/usr/lib/python2.6/site-packages/pulptools/connection.py", line 83, in _request
    headers=self.headers)
  File "/usr/lib64/python2.6/httplib.py", line 898, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib64/python2.6/httplib.py", line 935, in _send_request
    self.endheaders()
  File "/usr/lib64/python2.6/httplib.py", line 892, in endheaders
    self._send_output()
  File "/usr/lib64/python2.6/httplib.py", line 764, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.6/httplib.py", line 723, in send
    self.connect()
  File "/usr/lib64/python2.6/site-packages/M2Crypto/httpslib.py", line 50, in connect
    self.sock.connect((self.host, self.port))
  File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line 184, in connect
    if not check(self.get_peer_cert(), self.addr[0]):
  File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Checker.py", line 123, in __call__
    fieldName='commonName')
M2Crypto.SSL.Checker.WrongHost: Peer certificate commonName does not match host, expected preethi.usersys.redhat.com, got localhost

[root@preethi pulp]# hostname
preethi

Comment 1 Pradeep Kilambi 2010-08-17 14:59:59 UTC
Please re-test.  This should be working.

Comment 2 Pradeep Kilambi 2010-08-17 15:01:05 UTC
*** Bug 624140 has been marked as a duplicate of this bug. ***

Comment 3 Preethi Thomas 2010-08-17 15:12:25 UTC
fails_qa

[root@preethi pulp]# rpm -qa |grep pulp
pulp-tools-0.0.50-1.git.7.ecb6917.fc13.noarch
pulp-0.0.50-1.git.7.ecb6917.fc13.noarch

[root@preethi pulp]# pulp-client -u admin -p admin consumer create --id=test3 --description=test3 --server=preethi.usersys.redhat.com
Traceback (most recent call last):
  File "/usr/bin/pulp-client", line 100, in <module>
    PulpRegister().main()
  File "/usr/lib/python2.6/site-packages/pulptools/pulpcli.py", line 108, in main
    cmd.main()
  File "/usr/lib/python2.6/site-packages/pulptools/core/basecore.py", line 115, in main
    self._do_core()
  File "/usr/lib/python2.6/site-packages/pulptools/core/core_consumer.py", line 112, in _do_core
    self._create()
  File "/usr/lib/python2.6/site-packages/pulptools/core/core_consumer.py", line 135, in _create
    consumer = self.cconn.create(self.options.id, self.options.description)
  File "/usr/lib/python2.6/site-packages/pulptools/connection.py", line 265, in create
    return self.conn.request_put(method, params=consumerdata)
  File "/usr/lib/python2.6/site-packages/pulptools/connection.py", line 108, in request_put
    return self._request("PUT", method, params)
  File "/usr/lib/python2.6/site-packages/pulptools/connection.py", line 83, in _request
    headers=self.headers)
  File "/usr/lib64/python2.6/httplib.py", line 898, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib64/python2.6/httplib.py", line 935, in _send_request
    self.endheaders()
  File "/usr/lib64/python2.6/httplib.py", line 892, in endheaders
    self._send_output()
  File "/usr/lib64/python2.6/httplib.py", line 764, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.6/httplib.py", line 723, in send
    self.connect()
  File "/usr/lib64/python2.6/site-packages/M2Crypto/httpslib.py", line 50, in connect
    self.sock.connect((self.host, self.port))
  File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line 184, in connect
    if not check(self.get_peer_cert(), self.addr[0]):
  File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Checker.py", line 123, in __call__
    fieldName='commonName')
M2Crypto.SSL.Checker.WrongHost: Peer certificate commonName does not match host, expected preethi.usersys.redhat.com, got localhost

Comment 4 Pradeep Kilambi 2010-08-17 15:17:46 UTC
Please check your local certificates. You might have an invalid cert that's causing this. Try rm -rf /etc/pki/consumer and retry.

Comment 5 Preethi Thomas 2010-08-17 15:33:58 UTC
I ran the rm -rf /etc/pki/consumer and the consumer create worked, but then the consumer list failed with the SSL error. I had to run the rm -rf /etc/pki/consumer again to be able to run consumer list successfully.

[root@preethi pulp]# pulp-client -u admin -p admin consumer create --id=test6 --description=test6 --server=preethi.usersys.redhat.com
 Successfully created Consumer [ test6 ]
[root@preethi pulp]# pulp-admin -u admin -p admin consumer list
Traceback (most recent call last):
  File "/usr/bin/pulp-admin", line 30, in <module>
    pulpcli.PulpCore().main()
  File "/usr/lib/python2.6/site-packages/pulptools/pulpcli.py", line 108, in main
    cmd.main()
  File "/usr/lib/python2.6/site-packages/pulptools/core/basecore.py", line 115, in main
    self._do_core()
  File "/usr/lib/python2.6/site-packages/pulptools/core/core_consumer.py", line 114, in _do_core
    self._list()
  File "/usr/lib/python2.6/site-packages/pulptools/core/core_consumer.py", line 187, in _list
    cons = self.cconn.consumers()
  File "/usr/lib/python2.6/site-packages/pulptools/connection.py", line 301, in consumers
    return self.conn.request_get(method)
  File "/usr/lib/python2.6/site-packages/pulptools/connection.py", line 99, in request_get
    return self._request("GET", method)
  File "/usr/lib/python2.6/site-packages/pulptools/connection.py", line 83, in _request
    headers=self.headers)
  File "/usr/lib64/python2.6/httplib.py", line 898, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib64/python2.6/httplib.py", line 935, in _send_request
    self.endheaders()
  File "/usr/lib64/python2.6/httplib.py", line 892, in endheaders
    self._send_output()
  File "/usr/lib64/python2.6/httplib.py", line 764, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.6/httplib.py", line 723, in send
    self.connect()
  File "/usr/lib64/python2.6/site-packages/M2Crypto/httpslib.py", line 50, in connect
    self.sock.connect((self.host, self.port))
  File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line 184, in connect
    if not check(self.get_peer_cert(), self.addr[0]):
  File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Checker.py", line 123, in __call__
    fieldName='commonName')
M2Crypto.SSL.Checker.WrongHost: Peer certificate commonName does not match host, expected preethi.usersys.redhat.com, got localhost
[root@preethi pulp]# rm -rf /etc/pki/consumer
[root@preethi pulp]# pulp-admin -u admin -p admin consumer list
+-------------------------------------------+
    Consumer Information 
+-------------------------------------------+

Id                 	preethi.usersys.redhat.com
Description        	preethi-1                
Subscribed Repos   	/consumers/preethi.usersys.redhat.com/repoids/
Profile            	http://preethi.usersys.redhat.com:8811/consumers/preethi.usersys.redhat.com/package_profile/


Id                 	rlx=3-24.rhndev.redhat.com
Description        	test1                    
Subscribed Repos   	/consumers/rlx%3D3-24.rhndev.redhat.com/repoids/
Profile            	http://preethi.usersys.redhat.com:8811/consumers/rlx%3D3-24.rhndev.redhat.com/package_profile/


Id                 	preethi                  
Description        	test                     
Subscribed Repos   	/consumers/preethi/repoids/
Profile            	http://preethi.usersys.redhat.com:8811/consumers/preethi/package_profile/


Id                 	pthomas.rdu.redhat.com   
Description        	test-consumer            
Subscribed Repos   	/consumers/pthomas.rdu.redhat.com/repoids/
Profile            	http://preethi.usersys.redhat.com:8811/consumers/pthomas.rdu.redhat.com/package_profile/


Id                 	rlx-3-24.rhndev.redhat.com
Description        	test1                    
Subscribed Repos   	/consumers/rlx-3-24.rhndev.redhat.com/repoids/
Profile            	http://preethi.usersys.redhat.com:8811/consumers/rlx-3-24.rhndev.redhat.com/package_profile/


Id                 	test                     
Description        	test1                    
Subscribed Repos   	/consumers/test/repoids/ 
Profile            	http://preethi.usersys.redhat.com:8811/consumers/test/package_profile/


Id                 	test2                    
Description        	test2                    
Subscribed Repos   	/consumers/test2/repoids/
Profile            	http://preethi.usersys.redhat.com:8811/consumers/test2/package_profile/


Id                 	test3                    
Description        	test3                    
Subscribed Repos   	/consumers/test3/repoids/
Profile            	http://preethi.usersys.redhat.com:8811/consumers/test3/package_profile/


Id                 	test5                    
Description        	test5                    
Subscribed Repos   	/consumers/test5/repoids/
Profile            	http://preethi.usersys.redhat.com:8811/consumers/test5/package_profile/


Id                 	test6                    
Description        	test6                    
Subscribed Repos   	/consumers/test6/repoids/
Profile            	http://preethi.usersys.redhat.com:8811/consumers/test6/package_profile/

Comment 6 Pradeep Kilambi 2010-08-17 15:41:48 UTC
So, looking at your error, this is what's happening. The hostname of your system is set to "preethi.usersys.redhat.com", but when the cert was generated, it set the cert's common name as localhost. This needs to match on your server configuration. Try to set your pulp server to run on preethi.usersys.redhat.com instead of localhost and retry. I bet that should resolve it. It's kinda hard for pulp to guess what hostname to use if there are two. We could default always to FQDN.

Lemme know how that turns out.
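
The name check behind the WrongHost error above can be modelled as follows. This is an added example, not part of the original thread and not M2Crypto's or Pulp's code. It assumes certificates in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()` and the usual rule that subjectAltName DNS entries take precedence over commonName; the certificates and helper names are constructed for illustration.

```python
class WrongHost(Exception):
    """Raised when no name in the certificate matches the host that was dialled."""

def _name_match(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    # A wildcard covers exactly one label and never the bare parent domain.
    head, _, tail = h.partition(".")
    return bool(head) and tail == p[2:] and "." in tail

def cert_names(cert):
    """Return (field, names): subjectAltName DNS entries if present, else subject CNs."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return "subjectAltName", sans
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return "commonName", cns

def check_host(cert, host):
    """Return True on a match, otherwise raise WrongHost naming both sides."""
    field, names = cert_names(cert)
    if any(_name_match(n, host) for n in names):
        return True
    raise WrongHost("Peer certificate %s does not match host, expected %s, got %s"
                    % (field, host, ", ".join(names) or "<none>"))

def diagnose(cert, hosts):
    """Map each candidate --server value to 'ok' or the mismatch message."""
    result = {}
    for host in hosts:
        try:
            check_host(cert, host)
            result[host] = "ok"
        except WrongHost as exc:
            result[host] = str(exc)
    return result

# Constructed: the certificate implied by the traceback (CN=localhost, no SAN).
CERT_LOCALHOST = {"subject": ((("commonName", "localhost"),),)}
# Constructed: a certificate issued for the FQDN passed to --server.
CERT_FQDN = {
    "subject": ((("commonName", "preethi.usersys.redhat.com"),),),
    "subjectAltName": (("DNS", "preethi.usersys.redhat.com"),),
}
HOSTS = ["localhost", "preethi", "preethi.usersys.redhat.com"]

if __name__ == "__main__":
    for label, cert in (("CN=localhost", CERT_LOCALHOST), ("FQDN cert", CERT_FQDN)):
        print(label)
        for host, verdict in diagnose(cert, HOSTS).items():
            print("  %-28s %s" % (host, verdict))
```

Under this model the short name `preethi` fails even against the FQDN certificate, so the value given to `--server` has to be a name the certificate actually carries.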

Comment 7 Preethi Thomas 2010-08-18 15:32:21 UTC
I followed your suggestions.

[root@preethi ~]# hostname
preethi.usersys.redhat.com


I tried changing the /etc/pulp/pulp.conf to reflect the hostname and also leaving it at localhost.

Still get the error.

[root@preethi ~]# rm -rf /etc/pki/consumer
[root@preethi ~]# pulp-admin -u admin -p admin consumer list
+-------------------------------------------+
    Consumer Information 
+-------------------------------------------+

Id                 	rlx=3-24.rhndev.redhat.com
Description        	test1                    
Subscribed Repos   	/consumers/rlx%3D3-24.rhndev.redhat.com/repoids/
Profile            	http://preethi.usersys.redhat.com:8811/consumers/rlx%3D3-24.rhndev.redhat.com/package_profile/


Id                 	preethi                  
Description        	test                     
Subscribed Repos   	/consumers/preethi/repoids/
Profile            	http://preethi.usersys.redhat.com:8811/consumers/preethi/package_profile/


Id                 	pthomas.rdu.redhat.com   
Description        	test-consumer            
Subscribed Repos   	/consumers/pthomas.rdu.redhat.com/repoids/
Profile            	http://preethi.usersys.redhat.com:8811/consumers/pthomas.rdu.redhat.com/package_profile/


Id                 	rlx-3-24.rhndev.redhat.com
Description        	test1                    
Subscribed Repos   	/consumers/rlx-3-24.rhndev.redhat.com/repoids/
Profile            	http://preethi.usersys.redhat.com:8811/consumers/rlx-3-24.rhndev.redhat.com/package_profile/


Id                 	test                     
Description        	test1                    
Subscribed Repos   	/consumers/test/repoids/ 
Profile            	http://preethi.usersys.redhat.com:8811/consumers/test/package_profile/


Id                 	test2                    
Description        	test2                    
Subscribed Repos   	/consumers/test2/repoids/
Profile            	http://preethi.usersys.redhat.com:8811/consumers/test2/package_profile/


Id                 	test3                    
Description        	test3                    
Subscribed Repos   	/consumers/test3/repoids/
Profile            	http://preethi.usersys.redhat.com:8811/consumers/test3/package_profile/

Id                 	preethi.usersys.redhat.com
Description        	test                     
Subscribed Repos   	/consumers/preethi.usersys.redhat.com/repoids/
Profile            	http://preethi.usersys.redhat.com:8811/consumers/preethi.usersys.redhat.com/package_profile/


Id                 	my-test                  
Description        	test                     
Subscribed Repos   	/consumers/my-test/repoids/
Profile            	http://preethi.usersys.redhat.com:8811/consumers/my-test/package_profile/

[root@preethi ~]# pulp-client -u admin -p admin consumer create --id=my-test1 --description=test --server=preethi.usersys.redhat.com
 Successfully created Consumer [ my-test1 ]
[root@preethi ~]# pulp-admin -u admin -p admin consumer list
Traceback (most recent call last):
  File "/usr/bin/pulp-admin", line 30, in <module>
    pulpcli.PulpCore().main()
  File "/usr/lib/python2.6/site-packages/pulptools/pulpcli.py", line 108, in main
    cmd.main()
  File "/usr/lib/python2.6/site-packages/pulptools/core/basecore.py", line 115, in main
    self._do_core()
  File "/usr/lib/python2.6/site-packages/pulptools/core/core_consumer.py", line 114, in _do_core
    self._list()
  File "/usr/lib/python2.6/site-packages/pulptools/core/core_consumer.py", line 187, in _list
    cons = self.cconn.consumers()
  File "/usr/lib/python2.6/site-packages/pulptools/connection.py", line 301, in consumers
    return self.conn.request_get(method)
  File "/usr/lib/python2.6/site-packages/pulptools/connection.py", line 99, in request_get
    return self._request("GET", method)
  File "/usr/lib/python2.6/site-packages/pulptools/connection.py", line 83, in _request
    headers=self.headers)
  File "/usr/lib64/python2.6/httplib.py", line 898, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib64/python2.6/httplib.py", line 935, in _send_request
    self.endheaders()
  File "/usr/lib64/python2.6/httplib.py", line 892, in endheaders
    self._send_output()
  File "/usr/lib64/python2.6/httplib.py", line 764, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.6/httplib.py", line 723, in send
    self.connect()
  File "/usr/lib64/python2.6/site-packages/M2Crypto/httpslib.py", line 50, in connect
    self.sock.connect((self.host, self.port))
  File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line 184, in connect
    if not check(self.get_peer_cert(), self.addr[0]):
  File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Checker.py", line 123, in __call__
    fieldName='commonName')
M2Crypto.SSL.Checker.WrongHost: Peer certificate commonName does not match host, expected preethi.usersys.redhat.com, got localhost
[root@preethi ~]#

Comment 8 Pradeep Kilambi 2010-08-18 16:50:08 UTC
I'm out of ideas. The issue is clear: your cert validation is expecting your host to match the CN in the cert, but it's getting localhost. Since Mike worked on that feature last sprint, assigning to mmccune for further investigation.

Comment 9 Pradeep Kilambi 2010-08-23 15:58:17 UTC

*** This bug has been marked as a duplicate of bug 626451 ***