| Summary: | Can't unsubscribe from imported cert | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | J.C. Molet <jmolet> | ||||||
| Component: | subscription-manager | Assignee: | Adrian Likins <alikins> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | J.C. Molet <jmolet> | ||||||
| Severity: | high | Docs Contact: | |||||||
| Priority: | urgent | ||||||||
| Version: | 6.1 | CC: | alikins, jsefler, mkhusid, spandey | ||||||
| Target Milestone: | rc | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | |||||||||
| : | 694837 (view as bug list) | Environment: | |||||||
| Last Closed: | 2011-05-19 13:40:43 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 568421, 694837 | ||||||||
| Attachments: |
|
||||||||
commit 6a8ae0a4e03b87c3c279b079a6e1622bc57d8752
Author: Adrian Likins <alikins>
Date: Wed Mar 30 11:32:55 2011 -0400
691784: unsubscribing a imported cert was causing an uncaught exception
Trying to pass a string to "linkify" that didn't need formatting, so
specify that.
This seems to fix this for me. It doesn't feel like it's the complete
fix, but I can't reproduce it with the patch.
Is there a 404 logged?
Created attachment 489123 [details]
new error
Well, now I'm getting a different error (see attached and below). Note that I don't have insecure set to false in my rhsm.conf.
2011-03-31 11:11:46,682 [INFO] _request() @connection.py:147 - loading ca pem certificates from: /etc/rhsm/ca/
2011-03-31 11:11:46,682 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/fakamai-cp1.pem'
2011-03-31 11:11:46,687 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/mgmt5.pem'
2011-03-31 11:11:46,688 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/candlepin-stage.pem'
2011-03-31 11:11:46,689 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/mgmt4-candlepin-ca.pem'
2011-03-31 11:11:46,689 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/redhat-uep.pem'
2011-03-31 11:11:46,690 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/mgmt4.pem'
2011-03-31 11:11:46,691 [INFO] _request() @connection.py:149 - work in insecure mode ?:False
2011-03-31 11:11:46,805 [ERROR] handle_gui_exception() @utils.py:46 - sslv3 alert certificate unknown
Traceback (most recent call last):
File "/usr/share/rhsm/gui/mysubstab.py", line 79, in _on_unsubscribe_prompt_response
self.backend.uep.unbindBySerial(self.consumer.uuid, serial)
File "/usr/lib/python2.6/site-packages/rhsm/connection.py", line 401, in unbindBySerial
return self.conn.request_delete(method)
File "/usr/lib/python2.6/site-packages/rhsm/connection.py", line 212, in request_delete
return self._request("DELETE", method)
File "/usr/lib/python2.6/site-packages/rhsm/connection.py", line 169, in _request
headers=self.headers)
File "/usr/lib64/python2.6/httplib.py", line 910, in request
self._send_request(method, url, body, headers)
File "/usr/lib64/python2.6/httplib.py", line 947, in _send_request
self.endheaders()
File "/usr/lib64/python2.6/httplib.py", line 904, in endheaders
self._send_output()
File "/usr/lib64/python2.6/httplib.py", line 776, in _send_output
self.send(msg)
File "/usr/lib64/python2.6/httplib.py", line 735, in send
self.connect()
File "/usr/lib64/python2.6/site-packages/M2Crypto/httpslib.py", line 50, in connect
self.sock.connect((self.host, self.port))
File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line 185, in connect
ret = self.connect_ssl()
File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line 178, in connect_ssl
return m2.ssl_connect(self.ssl, self._timeout)
SSLError: sslv3 alert certificate unknown
2011-03-31 11:11:46,848 [INFO] _request() @connection.py:147 - loading ca pem certificates from: /etc/rhsm/ca/
2011-03-31 11:11:46,849 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/fakamai-cp1.pem'
2011-03-31 11:11:46,849 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/mgmt5.pem'
2011-03-31 11:11:46,850 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/candlepin-stage.pem'
2011-03-31 11:11:46,851 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/mgmt4-candlepin-ca.pem'
2011-03-31 11:11:46,851 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/redhat-uep.pem'
2011-03-31 11:11:46,853 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/mgmt4.pem'
2011-03-31 11:11:46,854 [INFO] _request() @connection.py:149 - work in insecure mode ?:False
Looks like i needed to restart the gui before changing the insecure mode (though shouldn't I be able to unsubscribe anyway?)
Either way, I get this now:
2011-03-31 13:19:24,889 [INFO] _request() @connection.py:177 - status code: 404
2011-03-31 13:19:24,890 [ERROR] handle_gui_exception() @utils.py:46 - Entitlement Certificate with serial number 1130158376562749 could not be found.
Traceback (most recent call last):
File "/usr/share/rhsm/gui/mysubstab.py", line 79, in _on_unsubscribe_prompt_response
self.backend.uep.unbindBySerial(self.consumer.uuid, serial)
File "/usr/lib/python2.6/site-packages/rhsm/connection.py", line 401, in unbindBySerial
return self.conn.request_delete(method)
File "/usr/lib/python2.6/site-packages/rhsm/connection.py", line 212, in request_delete
return self._request("DELETE", method)
File "/usr/lib/python2.6/site-packages/rhsm/connection.py", line 178, in _request
self.validateResponse(result)
File "/usr/lib/python2.6/site-packages/rhsm/connection.py", line 197, in validateResponse
parsed['displayMessage'])
RestlibException: Entitlement Certificate with serial number 1130158376562749 could not be found.
for the subscription unsubscribed in comment #4, was that a cert candlepin would know was associated with that consumer (say, via rhsm-web) or was it just pull another run of subscription-manager that subscribed to that product. For me, I get that error dialog, and the same message in the log, but that's because I'm trying to unsubscribe from a subscription the candlepin server knows nothing about. For the unregsitered case, I get something like:
an error dialog with "Unable to verify server's identity: system lib"
and in the logs:
2011-04-07 11:44:45,341 [ERROR] @utils.py:45 - system lib
Traceback (most recent call last):
File "/home/adrian/src/subscription-manager/src/subscription_manager/gui/mysubstab.py", line 80, in _on_unsubscribe_prompt_response
self.backend.uep.unbindBySerial(self.consumer.uuid, serial)
File "/usr/lib/python2.7/site-packages/rhsm-0.96.2-py2.7.egg/rhsm/connection.py", line 401, in unbindBySerial
return self.conn.request_delete(method)
File "/usr/lib/python2.7/site-packages/rhsm-0.96.2-py2.7.egg/rhsm/connection.py", line 212, in request_delete
return self._request("DELETE", method)
File "/usr/lib/python2.7/site-packages/rhsm-0.96.2-py2.7.egg/rhsm/connection.py", line 153, in _request
context.load_cert(self.cert_file, keyfile=self.key_file)
File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Context.py", line 76, in load_cert
m2.ssl_ctx_use_cert(self.ctx, certfile)
SSLError: system lib
and on the console:
Traceback (most recent call last):
File "/home/adrian/src/subscription-manager/src/subscription_manager/gui/mysubstab.py", line 84, in _on_unsubscribe_prompt_response
self.backend.certlib.update()
File "/home/adrian/src/subscription-manager/src/subscription_manager/certlib.py", line 60, in update
return action.perform()
File "/home/adrian/src/subscription-manager/src/subscription_manager/certlib.py", line 132, in perform
expected = self.getExpected(report)
File "/home/adrian/src/subscription-manager/src/subscription_manager/certlib.py", line 189, in getExpected
exp = self.getCertificateSerialsList()
File "/home/adrian/src/subscription-manager/src/subscription_manager/certlib.py", line 182, in getCertificateSerialsList
reply = self.uep.getCertificateSerials(self._getConsumerId())
File "/home/adrian/src/subscription-manager/src/subscription_manager/certlib.py", line 178, in _getConsumerId
raise Disconnected()
subscription_manager.certlib.Disconnected
commit b2fb5ec07f25652aa38e3e31152b9ad3ddb6165a
Author: Adrian Likins <alikins>
Date: Thu Apr 7 15:50:19 2011 -0400
691784: Fix handling of unsubscribing imported certs while unregistered
The core of the bugfix is in mysubstab._on_unsubscribe_prompt_response.
We don't try to unbindBySerial if we are not registered (via new
managerGui.Backend.is_registered()). We also try/except around
the update to catch the Disconnected exception if well, we are
disconnected. We also change the store serial type to long, so
the cert lookup works correctly.
we also remove some unused code from certlib/certmgr (the *add) code
and refactor certlib.delete to expect an array of longs, not a
var arg.
in master, fix chksum is f2cd16f571cd2a05f05b7e914c28d5b5d41adef9
The unregistered case now works. When registered to an incorrect server for the cert, the error message crashes on the RHEL6 branch:
handle_gui_exception(e, _("There was an error unsubsribing from %s with serial number %s" % (selection['subscription'],serial)), formatMsg=False)
TypeError: handle_gui_exception() got an unexpected keyword argument 'formatMsg'
Traceback (most recent call last):
File "/usr/share/rhsm/gui/mysubstab.py", line 83, in _on_unsubscribe_prompt_response
handle_gui_exception(e, _("There was an error unsubsribing from %s with serial number %s" % (selection['subscription'],serial)), formatMsg=False)
TypeError: handle_gui_exception() got an unexpected keyword argument 'formatMsg'
commit c0d9b0e0cc46946baca899207720c1df348efb32
Author: Adrian Likins <alikins>
Date: Wed Feb 23 11:26:58 2011 -0500
691784: Fix a bug when bare strings were passed to handle_gui_exception
Add a opt to turn off string substitution in the error msg
*** Bug 695002 has been marked as a duplicate of this bug. *** The original fix for this caused #695002, so closed it as a dupe. commit 82cb1bb920e970d9fd7e67ad176149638b77a754
Author: Adrian Likins <alikins>
Date: Mon Apr 11 16:09:52 2011 -0400
691784: fix entitlement failure that throws sequence error
This is something of an addendum to f2cd16f571cd2a05f05b7e914c28d5b5d41adef9
A touch too much was deleted in that commit.
VERIFYING fix to "addendum" that fixes bug 695002... [root@jsefler-onprem-server tmp]# rpm -qa | grep subscription-manager subscription-manager-firstboot-0.95.8-1.el6.x86_64 subscription-manager-0.95.8-1.el6.x86_64 subscription-manager-gnome-0.95.8-1.el6.x86_64 [root@jsefler-onprem-server tmp]# subscription-manager register --username=qa Password: f7434e22-07a0-4446-b6ae-621262daf1ff jsefler-onprem-server.usersys.redhat.com [root@jsefler-onprem-server tmp]# subscription-manager list --avail +-------------------------------------------+ Available Subscriptions +-------------------------------------------+ ProductName: Red Hat Employee Subscription ProductId: SYS0395 PoolId: 8a85f9812ede00af012edf01c88c5ce0 Quantity: 18 Expires: 2011-10-04 ProductName: Red Hat Employee Subscription ProductId: SYS0395 PoolId: 8a85f9812ede00af012edf01c8965ceb Quantity: unlimited Expires: 2011-10-04 ProductName: Red Hat Employee Subscription ProductId: SYS0395 PoolId: 8a85f9812ede00af012edf01c89f5cf9 Quantity: 9994 Expires: 2011-10-07 ProductName: Red Hat Employee Subscription ProductId: SYS0395 PoolId: 8a85f9812ede00af012edf01c8a65d04 Quantity: unlimited Expires: 2011-10-07 [root@jsefler-onprem-server tmp]# subscription-manager subscribe --pool=8a85f9812ede00af012edf01c8a65d04 [root@jsefler-onprem-server tmp]# subscription-manager unsubscribe --all [root@jsefler-onprem-server tmp]# subscription-manager subscribe --auto Installed Products: Red Hat Enterprise Linux 6 for Premium Architectures - Not Installed Red Hat Enterprise Linux 6 for Scientific Computing - Not Installed Red Hat Enterprise Linux 6 Desktop - Not Installed Red Hat Enterprise Linux Load Balancer (for RHEL 6 Server) - Subscribed Red Hat Enterprise Linux 6 for Mainframe - Not Installed Red Hat Enterprise Linux 6 Workstation - Not Installed Red Hat Enterprise Linux Scalable File System (for RHEL 6 Server) - Subscribed Red Hat Enterprise Linux 6 Server - Subscribed Red Hat Enterprise Linux Resilient Storage (for RHEL 6 Server) - Subscribed Red Hat Enterprise Linux High Availability (for RHEL 6 Server) - Subscribed Load Balancing Bits - Not Subscribed Awesome OS Server Bits - Not Subscribed Clustering Bits - Not Subscribed Awesome OS Modifier Bits - Not Subscribed Awesome OS Scalable Filesystem Bits - Not Subscribed Large File Support Bits - Not Subscribed Awesome OS Developer Bits - Not Subscribed Awesome OS for S390X Bits - Not Subscribed Awesome OS Developer Basic - Not Subscribed Multiplier Product Bits - Not Subscribed Management Bits - Not Subscribed Awesome OS Workstation Bits - Not Subscribed Awesome OS Premium Architecture Bits - Not Subscribed Shared Storage Bits - Not Subscribed [root@jsefler-onprem-server tmp]# ^^ fixed, no -sequence error Created attachment 491851 [details]
unsub
See attached screenshot. Even though the error is encountered, it successfully removes the cert.
python-rhsm-0.95.6-1.git.0.b36d0a5.el6.noarch
subscription-manager-firstboot-0.95.8-1.git.0.9c92e14.el6.x86_64
subscription-manager-gnome-0.95.8-1.git.0.9c92e14.el6.x86_64
subscription-manager-0.95.8-1.git.0.9c92e14.el6.x86_64
Moving to VERIFIED.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2011-0611.html |
Description of problem: When you unsubscribe from a product using an imported cert, you get a stack trace and subscription-manager crashes. Version-Release number of selected component (if applicable): subscription-manager-gnome-0.95.5-1.git.26.ce6d87f.el6.x86_64 subscription-manager-0.95.5-1.git.26.ce6d87f.el6.x86_64 subscription-manager-firstboot-0.95.5-1.git.26.ce6d87f.el6.x86_64 python-rhsm-0.95.5-1.git.0.0bfdb97.el6.noarch Steps to Reproduce: 1. Install subscription-manager-gnome and all of its dependencies. 2. Using the red hat subscription web app (on stage), download a valid entitlement cert. 3. Using the subscription-manager-gui import cert tool, import this entitlement cert. 4. Go to the my subscriptions tab and unsubscribe from this cert. Actual results: Traceback (most recent call last): File "/usr/share/rhsm/gui/mysubstab.py", line 81, in _on_unsubscribe_prompt_response handle_gui_exception(e, _("There was an error unsubsribing from %s with serial number %s" % (selection['subscription'],serial))) File "/usr/share/rhsm/gui/utils.py", line 61, in handle_gui_exception errorWindow(msg % linkify(e.msg)) then in log file: 2011-03-29 09:04:14,472 [ERROR] handle_gui_exception() @utils.py:46 - access denied. Traceback (most recent call last): File "/usr/share/rhsm/gui/mysubstab.py", line 79, in _on_unsubscribe_prompt_response self.backend.uep.unbindBySerial(self.consumer.uuid, serial) File "/usr/lib/python2.6/site-packages/rhsm/connection.py", line 401, in unbindBySerial return self.conn.request_delete(method) File "/usr/lib/python2.6/site-packages/rhsm/connection.py", line 212, in request_delete return self._request("DELETE", method) File "/usr/lib/python2.6/site-packages/rhsm/connection.py", line 178, in _request self.validateResponse(result) File "/usr/lib/python2.6/site-packages/rhsm/connection.py", line 197, in validateResponse parsed['displayMessage']) Expected results: The cert is unsubscribed from and removed from my system.