Bug 695451

Summary: Func 0.28 fails to find certificates
Product: [Fedora] Fedora EPEL Reporter: Erinn Looney-Triggs <erinn.looneytriggs>
Component: funcAssignee: Seth Vidal <skvidal>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: el5CC: alikins, brett.lentz, gregswift
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-04-13 17:17:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Erinn Looney-Triggs 2011-04-11 19:08:05 UTC 
Description of problem:
It appears that func 0.28 requires libvirt which is not an RPM dependency, I am not sure but isn't libvirt part of the virtualization entitlement? It might be a good idea to make that dependency optional so func can be used on systems that are not entitled for virt.

This might be applicable to RHEL 6 as well, only tested for me on 5 though.

Version-Release number of selected component (if applicable):

func-0.28-1.el5

Additional info:
2011-04-11 18:58:42,041 - WARNING - ['Traceback (most recent call last):\n', '  File "/usr/lib/python2.4/site-packages/func/module_loader.py", line 108, in load_modules\n    blip =  __import__("%s%s" % ( mod_dir,mod_imp_name), globals(), locals(), [mod_imp_name])\n', 'ValueError: Empty module name\n']
2011-04-11 18:58:42,047 - WARNING - Import error while loading virt module: No module named libvirt
2011-04-11 18:58:42,047 - WARNING - ['Traceback (most recent call last):\n', '  File "/usr/lib/python2.4/site-packages/func/module_loader.py", line 108, in load_modules\n    blip =  __import__("%s%s" % ( mod_dir,mod_imp_name), globals(), locals(), [mod_imp_name])\n', '  File "/usr/lib/python2.4/site-packages/func/minion/modules/virt.py", line 27, in ?\n    import libvirt\n', 'ImportError: No module named libvirt\n']
2011-04-11 18:58:42,169 - WARNING - Could not load  module
2011-04-11 18:58:42,169 - WARNING - ['Traceback (most recent call last):\n', '  File "/usr/lib/python2.4/site-packages/func/module_loader.py", line 108, in load_modules\n    blip =  __import__("%s%s" % ( mod_dir,mod_imp_name), globals(), locals(), [mod_imp_name])\n', 'ValueError: Empty module name\n']
2011-04-11 18:58:42,846 - INFO - Exception occured: exceptions.IndexError
2011-04-11 18:58:42,846 - INFO - Exception value: list index out of range
2011-04-11 18:58:42,846 - INFO - Exception Info:
  File "/usr/bin/funcd", line 23, in ?
    server.main(sys.argv)
   File "/usr/lib/python2.4/site-packages/func/minion/server.py", line 413, in main
    serve()
   File "/usr/lib/python2.4/site-packages/func/minion/server.py", line 225, in serve
    server = setup_server()
   File "/usr/lib/python2.4/site-packages/func/minion/server.py", line 220, in setup_server
    server = FuncSSLXMLRPCServer((listen_addr, listen_port), config.module_list)
   File "/usr/lib/python2.4/site-packages/func/minion/server.py", line 265, in __init__
    self.cert = func_utils.find_files_by_hostname(hn, self.cm_config.cert_dir, '.cert')[0]
Comment 1 seth vidal 2011-04-11 19:26:35 UTC 
func doesn't require it - but if you wish to use the virt module it does.

I believe this is the same as the func 0.24 in epel5 currently.
Comment 2 Erinn Looney-Triggs 2011-04-11 19:30:19 UTC 
Well func fails to start in RHEL 5 due to the above errors. Version 0.24 does not.
Comment 3 Greg Swift 2011-04-12 15:28:50 UTC 
that is not failing because of the libvirt error.  That is failing because it doesn't have a certificate.
Comment 4 Erinn Looney-Triggs 2011-04-12 16:58:20 UTC 
Hey reading to the bottom, who would have thought :). Ok here is what I have, func-0.24 works like a charm on the system, tied in with the master etc, everything works. Upgrade to func 0.28, it no longer works, the client throws the aforementioned error. Now maybe I am missing something here, but it seems like it should start and work. I am able to roll back and the old version works, go forward, it fails.
Comment 5 Greg Swift 2011-04-12 20:45:52 UTC 
So this is bash equivalent to what that piece of code is running:

ls $(awk '/^cert_dir/ { print $3}' /etc/certmaster/certmaster.conf)/$(hostname --fqdn).cert

what's interesting is that 3 lines before it it basically does this:

ls $(awk '/^cert_dir/ { print $3}' /etc/certmaster/certmaster.conf)/$(hostname --fqdn).pem

and that works... which means its finding your key, but not your certificate file.

ya know what?  It occurs to me that if you do: 

ls $(awk '/^cert_dir/ { print $3}' /etc/certmaster/certmaster.conf)

you will find the a set of 3 matching files with the extensions: cert, csr, and pem.

then you will find another pair with only the extensions: csr and pem

is that the case?
Comment 6 Erinn Looney-Triggs 2011-04-12 22:39:29 UTC 
Here is what I have, I have fqdn.cert, fqdn.csr, and fqdn.pem in /etc/pki/certmaster. The other pair you are talking about don't seem to exist, though there is a ca.cert file in that directory as well. 

-Erinn
Comment 7 Greg Swift 2011-04-13 13:19:32 UTC 
hrm... well... then i'm not 100% sure whats going on. you've got the bits that are supposed to be there file wise.

whats the output of when you are on 0.28:

python -c "from func import utils; print utils.get_hostname_by_route()"
Comment 8 seth vidal 2011-04-13 15:04:24 UTC 
erinn,
 could you run
 funcd --info

and report the output?
Comment 9 Erinn Looney-Triggs 2011-04-13 17:17:16 UTC 
And now with more testing this problem disappears magically. Let's chalk this up to operator issues (the most likely cause of all problems), sorry to waste time. 

-Erinn