Bug 887041

Summary: Document the unfortunate error message that can happen during sync over SSL if no CA certificate is provided
Product: [Retired] Pulp Reporter: Randy Barlow <rbarlow>
Component: documentationAssignee: Randy Barlow <rbarlow>
Status: CLOSED CURRENTRELEASE QA Contact: Preethi Thomas <pthomas>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 2.0.6   
Target Milestone: ---   
Target Release: 2.4.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-08-09 06:56:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Randy Barlow 2012-12-13 22:11:31 UTC 
We have an unfortunate bug[0] wherein we don't give the user an informative error message if they initiate a sync with an SSL feed without providing the CA certificate for the feed.

We aren't going to fix [0] before the release of Pulp 2.0, so we should document this behavior. I recommend a "Known Issues" section where we can link to this and perhaps other bugs. I also recommend that we put a "TIP" or "NOTE" or "CAUTION" block near any places in the docs where we talk about creating repos or syncing them. We can link to the bug in those blocks too.

[0] https://bugzilla.redhat.com/show_bug.cgi?id=887039
Comment 1 Randy Barlow 2012-12-13 22:12:23 UTC 
We should write about this in the quick start guide as well.
Comment 2 Randy Barlow 2013-01-04 19:21:22 UTC 
https://github.com/pulp/pulp_rpm/pull/88
Comment 3 Randy Barlow 2014-03-17 21:58:58 UTC 
I'm going to set this to the 2.4.0 release so that it can be in line to get verified.
Comment 4 Preethi Thomas 2014-04-11 09:38:25 UTC 
verified
[root@hp-dl380pgen8-02-vm-1 ~]# rpm -qa pulp-server
pulp-server-2.4.0-0.8.beta.el6.noarch
[root@hp-dl380pgen8-02-vm-1 ~]# 


[root@hp-dl380pgen8-02-vm-1 ~]#  pulp-admin rpm repo create --repo-id SAM --feed https://cdn.redhat.com/content/dist/rhel/rhui/server/6/6Server/x86_64/subscription-asset-manager/1/os/
Successfully created repository [SAM]

[root@hp-dl380pgen8-02-vm-1 ~]# 
[root@hp-dl380pgen8-02-vm-1 ~]# 
[root@hp-dl380pgen8-02-vm-1 ~]# pulp-admin rpm repo sync run --repo-id SAM
+----------------------------------------------------------------------+
                     Synchronizing Repository [SAM]
+----------------------------------------------------------------------+

This command may be exited via ctrl+c without affecting the request.


Downloading metadata...
[-]
... failed

[Errno 1] _ssl.c:492: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

[Errno 1] _ssl.c:492: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


Task Failed

Importer indicated a failed response

[root@hp-dl380pgen8-02-vm-1 ~]#
Comment 5 Randy Barlow 2014-08-09 06:56:31 UTC 
This has been fixed in Pulp 2.4.0-1.