Bug 739625

Summary: spacewalk-repo-sync doesn't work over SSL & IPv6 correctly
Product: [Community] Spacewalk Reporter: Miroslav Suchý <msuchy>
Component: ServerAssignee: Milan Zázrivec <mzazrivec>
Status: CLOSED CURRENTRELEASE QA Contact: Lukas Pramuk <lpramuk>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 1.6CC: jpazdziora, lpramuk
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 878049 (view as bug list) Environment:
Last Closed: 2013-03-06 18:35:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 742914, 761596    
Bug Blocks: 487666, 878049, 917805    

Description Miroslav Suchý 2011-09-19 16:22:40 UTC 
Description of problem:
spacewalk-repo-sync doesn't work over SSL & IPv6 correctly
        it seems to work all right over SSL & IPv4
        it seems to work all right over IPv6 without SSL
        fix not available, most likely a low level pycurl / libcurl issue 

When it has to comunicate over SSL in IPv6 only network it end up with this traceback:

# spacewalk-repo-sync -cspacewalk
Traceback (most recent call last):
  File "/usr/bin/spacewalk-repo-sync", line 70, in ?
    sys.exit(abs(main() or 0))
  File "/usr/bin/spacewalk-repo-sync", line 64, in main
    sync.main()
  File "/usr/lib/python2.4/site-packages/spacewalk/satellite_tools/reposync.py", line 120, in main
    self.import_packages(plugin, url)
  File "/usr/lib/python2.4/site-packages/spacewalk/satellite_tools/reposync.py", line 325, in import_packages
    packages = plug.list_packages(self.filters)
  File "/usr/lib/python2.4/site-packages/spacewalk/satellite_tools/repo_plugins/yum_src.py", line 118, in list_packages
    sack.populate(self.repo, 'metadata', None, 0)
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 168, in populate
    if self._check_db_version(repo, mydbtype):
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 226, in _check_db_version
    return repo._check_db_version(mdtype)
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1226, in _check_db_version
    repoXML = self.repoXML
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1399, in <lambda>
    repoXML = property(fget=lambda self: self._getRepoXML(),
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1395, in _getRepoXML
    raise Errors.RepoError, msg
yum.Errors.RepoError: Cannot retrieve repository metadata (repomd.xml) for repository: spacewalk. Please verify its path and try again
Comment 1 Miroslav Suchý 2011-09-20 08:20:39 UTC 
Note to myself: from the traceback it is not directly visible but the exception is raised at:
 /usr/lib/python2.4/site-packages/yum/yumRepo.py +814
in function _getFile()
by line:
 result = self.grab.urlgrab(misc.to_utf8(relative), local,
Comment 2 Miroslav Suchý 2011-09-20 09:10:32 UTC 
The error is raised at
  /usr/lib/python2.4/site-packages/urlgrabber/grabber.py +1202
in function _make_request() on line:
 fo = opener.open(req)

(Pdb) opener.open(req)
*** URLError: <urlopen error (-3, 'Temporary failure in name resolution')>
(Pdb) opener
<urllib2.OpenerDirector instance at 0x115e2878>
(Pdb) req
<urllib2.Request instance at 0x115e4fc8>
(Pdb) req.get_full_url()
'https://xn--ufuk-xpa16d5h.lab.eng.brq.redhat.com/pub/repo/repodata/repomd.xml'

Strange thing is stat:
(Pdb) o=urllib2.OpenerDirector()
(Pdb) o.open('https://xn--ufuk-xpa16d5h.lab.eng.brq.redhat.com/pub/repo/repodata/repomd.xml')
does not raise exception.
Comment 3 Miroslav Suchý 2011-09-20 09:44:52 UTC 
/usr/lib/python2.4/site-packages/urlgrabber/grabber.py +1075
while 
(Pdb) opener.open(req)
*** URLError: <urlopen error (-3, 'Temporary failure in name resolution')>
fail, the pure:
(Pdb) o=urllib2.OpenerDirector()
(Pdb) o.open(req)
does not fail.
Is the problem in opener?
Comment 6 Miroslav Suchý 2011-10-03 12:16:10 UTC 
This is problem in m2crypto (or it can be workarounded in urlgrabber). See bug 742914
Comment 8 Jan Pazdziora 2012-06-22 11:00:14 UTC 
With RHEL 6.3 released, moving ON_QA.
Comment 9 Lukas Pramuk 2012-08-02 15:39:39 UTC 
Failed to verify with version m2crypto-0.20.2-9.el6

# curl -k https://kvm11.virtual/myrepo/
<!DOCTYPE HTML PUBLIC...

# spacewalk-repo-sync -c myrepo -u http://kvm11.virtual/myrepo/
Repo URL: http://kvm11.virtual/myrepo/
Packages in repo:                 3
Packages already synced:          0
Packages to sync:                 3
1/3 : libxml2-python-2.7.6-4.el6_2.4-0.x86_64
2/3 : rhnlib-2.5.22-12.el6-0.noarch
3/3 : pyOpenSSL-0.10-2.el6-0.x86_64
Repo http://kvm11.virtual/myrepo/ has 0 errata.
Sync completed.
Total time: 0:00:00

# spacewalk-repo-sync -c myrepo -u https://kvm11.virtual/myrepo/
Traceback (most recent call last):
  File "/usr/bin/spacewalk-repo-sync", line 100, in <module>
    sys.exit(abs(main() or 0))
  File "/usr/bin/spacewalk-repo-sync", line 93, in main
    sync.sync()
  File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/reposync.py", line 100, in sync
    self.import_packages(plugin, repo_id, url)
  File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/reposync.py", line 303, in import_packages
    packages = plug.list_packages(filters)
  File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/repo_plugins/yum_src.py", line 151, in list_packages
    self.sack.populate(self.repo, 'metadata', None, 0)
  File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 165, in populate
    if self._check_db_version(repo, mydbtype):
  File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 223, in _check_db_version
    return repo._check_db_version(mdtype)
  File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 1256, in _check_db_version
    repoXML = self.repoXML
  File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 1455, in <lambda>
    repoXML = property(fget=lambda self: self._getRepoXML(),
  File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 1451, in _getRepoXML
    raise Errors.RepoError, msg
yum.Errors.RepoError: Cannot retrieve repository metadata (repomd.xml) for repository: myrepo. Please verify its path and try again
Comment 10 Milan Zázrivec 2012-12-19 09:59:43 UTC 
I'm confirming traceback from comment #9, but it is not caused by a bug
in our code. The traceback shown is just the following error from urlgrabber 
disguised as a yum exception:

'Peer certificate cannot be authenticated with known CA certificates'

The thing is going to work correctly with latest spacewalk-backend as long
as you set ssl* directives in /etc/rhn/spacewalk-repo-sync/yum.conf correctly.

All verified with m2crypto-0.20.2-9.el6 and m2crypto-0.16-9.el5.x86_64.
Comment 11 Stephen Herr 2013-03-06 18:35:01 UTC 
Spacewalk 1.9 has been released.

https://fedorahosted.org/spacewalk/wiki/ReleaseNotes19