Hide Forgot
Description of problem: This error discovered by accident. [root@rh7a (RH7.0-x86_64) ipa-sudo] ipa sudorule-find sudo.rule | grep "Rule name:" | cut -d":" -f2 | xargs ipa sudorule-del ipa: ERROR: cannot connect to 'https://rh7a.yzhang.redhat.com/ipa/session/xml': Internal Server Error In order to re-produce this error, some sudo rule like "sudo.rule" has to exist. In another words, the following command has to success: [root@rh7a (RH7.0-x86_64) ipa-sudo] ipa sudorule-find sudo.rule | grep "Rule name:" | cut -d":" -f2 sudo.rule.14760 sudo.rule.28088 Version-Release number of selected component (if applicable): ipa-server-3.3.3-3.el7.x86_64 How reproducible: Steps to Reproduce: 1. create sudorule "sudo.rule.001" "sudo.rule.002" 2. run above command: ipa sudorule-find sudo.rule | grep "Rule name:" | cut -d":" -f2 | xargs ipa sudorule-del 3. Actual results: [root@rh7a (RH7.0-x86_64) ipa-sudo] ipa sudorule-find sudo.rule | grep "Rule name:" | cut -d":" -f2 | xargs ipa sudorule-del ipa: ERROR: cannot connect to 'https://rh7a.yzhang.redhat.com/ipa/session/xml': Internal Server Error Additional info: corresponding error msg in /var/log/httpd/error_log [Tue Nov 12 09:07:40.390300 2013] [:error] [pid 1599] [remote 192.168.122.71:160] mod_wsgi (pid=1599): Exception occurred processing WSGI script '/usr/share/ipa/wsgi.py'. [Tue Nov 12 09:07:40.390373 2013] [:error] [pid 1599] [remote 192.168.122.71:160] Traceback (most recent call last): [Tue Nov 12 09:07:40.390396 2013] [:error] [pid 1599] [remote 192.168.122.71:160] File "/usr/share/ipa/wsgi.py", line 49, in application [Tue Nov 12 09:07:40.390432 2013] [:error] [pid 1599] [remote 192.168.122.71:160] return api.Backend.wsgi_dispatch(environ, start_response) [Tue Nov 12 09:07:40.390447 2013] [:error] [pid 1599] [remote 192.168.122.71:160] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 247, in __call__ [Tue Nov 12 09:07:40.390471 2013] [:error] [pid 1599] [remote 192.168.122.71:160] return self.route(environ, start_response) [Tue Nov 12 09:07:40.390483 2013] [:error] [pid 1599] [remote 192.168.122.71:160] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 259, in route [Tue Nov 12 09:07:40.390502 2013] [:error] [pid 1599] [remote 192.168.122.71:160] return app(environ, start_response) [Tue Nov 12 09:07:40.390514 2013] [:error] [pid 1599] [remote 192.168.122.71:160] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 1197, in __call__ [Tue Nov 12 09:07:40.390533 2013] [:error] [pid 1599] [remote 192.168.122.71:160] response = super(xmlserver_session, self).__call__(environ, start_response) [Tue Nov 12 09:07:40.390545 2013] [:error] [pid 1599] [remote 192.168.122.71:160] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 709, in __call__ [Tue Nov 12 09:07:40.390564 2013] [:error] [pid 1599] [remote 192.168.122.71:160] response = super(xmlserver, self).__call__(environ, start_response) [Tue Nov 12 09:07:40.390576 2013] [:error] [pid 1599] [remote 192.168.122.71:160] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 374, in __call__ [Tue Nov 12 09:07:40.390594 2013] [:error] [pid 1599] [remote 192.168.122.71:160] response = self.wsgi_execute(environ) [Tue Nov 12 09:07:40.390624 2013] [:error] [pid 1599] [remote 192.168.122.71:160] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 328, in wsgi_execute [Tue Nov 12 09:07:40.390643 2013] [:error] [pid 1599] [remote 192.168.122.71:160] (name, args, options, _id) = self.unmarshal(data) [Tue Nov 12 09:07:40.390654 2013] [:error] [pid 1599] [remote 192.168.122.71:160] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 732, in unmarshal [Tue Nov 12 09:07:40.390673 2013] [:error] [pid 1599] [remote 192.168.122.71:160] (params, name) = xml_loads(data) [Tue Nov 12 09:07:40.390685 2013] [:error] [pid 1599] [remote 192.168.122.71:160] File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 262, in xml_loads [Tue Nov 12 09:07:40.390706 2013] [:error] [pid 1599] [remote 192.168.122.71:160] (params, method) = loads(data) [Tue Nov 12 09:07:40.390717 2013] [:error] [pid 1599] [remote 192.168.122.71:160] File "/usr/lib64/python2.7/xmlrpclib.py", line 1135, in loads [Tue Nov 12 09:07:40.390738 2013] [:error] [pid 1599] [remote 192.168.122.71:160] p.feed(data) [Tue Nov 12 09:07:40.390749 2013] [:error] [pid 1599] [remote 192.168.122.71:160] File "/usr/lib64/python2.7/xmlrpclib.py", line 557, in feed [Tue Nov 12 09:07:40.390768 2013] [:error] [pid 1599] [remote 192.168.122.71:160] self._parser.Parse(data, 0) [Tue Nov 12 09:07:40.390792 2013] [:error] [pid 1599] [remote 192.168.122.71:160] ExpatError: not well-formed (invalid token): line 8, column 15 [Tue Nov 12 09:09:13.139490 2013] [:error] [pid 1600] ipa: INFO: admin.COM: sudorule_find(u'sudo.rule', all=False, raw=False, version=u'2.65', no_members=False, pkey_only=False): SUCCESS
Additional information: 1. in order do generate ipa server error, the command format has to be followed. ipa sudorule-find sudo.rule | grep "Rule name:" | cut -d":" -f2 | xargs ipa sudorule-del 2. ipa sudorule-find sudo.rule has to return valid ipa record 3. without xargs, it does not report error 4. I tried to run "ipa sudorule-del" with various bogus string, I couldn't produce the same error. It appears to me that "xargs" produces some inputs that ipa server don't handle correctly. my test was performed on rhel7.0 x86_64, but i don't think it matters.
Can you add a -vv to the xargs ipa call? That may show us the XML-RPC request being sent. xargs ipa -vv sudorule-del.
[root@rh7a (RH7.0-x86_64) ipa-sudo] ipa sudorule-find sudo.rule | grep "Rule name:" | cut -d":" -f2 | xargs ipa -vv sudorule-del send: "POST /ipa/xml HTTP/1.1\r\nHost: rh7a.yzhang.redhat.com\r\nAccept-Encoding: gzip\r\nAccept-Language: en-us\r\nReferer: https://rh7a.yzhang.redhat.com/ipa/xml\r\nAuthorization: negotiate YIICbgYJKoZIhvcSAQICAQBuggJdMIICWaADAgEFoQMCAQ6iBwMFACAAAACjggFrYYIBZzCCAWOgAwIBBaETGxFZWkhBTkcuUkVESEFULkNPTaIpMCegAwIBAaEgMB4bBEhUVFAbFnJoN2EueXpoYW5nLnJlZGhhdC5jb22jggEaMIIBFqADAgESoQMCAQKiggEIBIIBBDcyWAghuQaKfk5Pi9Fsyas8rYf1AS0eGg4U/QvnltUqmPF1x1pfcDE682icit4Ytt8eVtMiv9xtuEFpxmC4n+zkFcc11/F8/pwKBj2YUe4arQ9uig2KB2yjElJcv8UuH552nuctpZfeobdaJS+rIHPptF/sah94X6qVxpEuEqVYzHsQdhFMwT6gp01BP1yYuVaaVWIkZTPb1rYGABiOpqU7WQzkS+4Ljk5Tgxu2uhM04eJEm/nzNHri3con/ykPAPGLggxdS4v7N7h8tkG2vRasrfZu4xO9t5WiDWuFddzcPaIFyJCrJe8umbzwdXCY3vMzpf4Zdz8tNqUHawLcZy8X38CjpIHUMIHRoAMCARKigckEgcZoQ10EWkBR2+F/iUhYtuar0YNOFSUWYcSdD2n5u6EkKvmgGc7kQoNO/iXy36uNE/DKlnunNXMXQ5z22Xe6fuGjSI/wcgAHv8esaXVZyCQV3IIsx2U94B0E/OAsN4wVUr0oTFCycsKSrWdt6lbbG8+Z1jT+nLtMq49H3k+J6zbbsTU7uHm2P0lbf3fxEb1bajo3yXyfhw8vncf/WLoHM1FkWwaWv5OkUi33vOj2ArQ/uai5NHuanVnrCs0lZGo4ZBbm2QwB7iE=\r\nUser-Agent: xmlrpclib.py/1.0.1 (by www.pythonware.com)\r\nContent-Type: text/xml\r\nContent-Length: 522\r\n\r\n<?xml version='1.0' encoding='UTF-8'?>\n<methodCall>\n<methodName>sudorule_del</methodName>\n<params>\n<param>\n<value><array><data>\n<value><array><data>\n<value><string>\x1b[m\x1b[K</string></value>\n<value><string>sudo.rule.15958</string></value>\n</data></array></value>\n</data></array></value>\n</param>\n<param>\n<value><struct>\n<member>\n<name>continue</name>\n<value><boolean>0</boolean></value>\n</member>\n<member>\n<name>version</name>\n<value><string>2.65</string></value>\n</member>\n</struct></value>\n</param>\n</params>\n</methodCall>\n" reply: 'HTTP/1.1 500 Internal Server Error\r\n' header: Date: Thu, 14 Nov 2013 18:39:37 GMT header: Server: Apache/2.4.6 (Red Hat) mod_auth_kerb/5.4 mod_fcgid/2.3.9 mod_nss/2.4.6 NSS/3.15.2 Basic ECC PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5 header: WWW-Authenticate: Negotiate YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRv5knk2jCvNufzLMXz1mudCdSrh7Gx9FF1j/oGX601ghFMdRreVcbJjFkBe1V+jk9gg8CBd5rCXoouJWQr+rPuqrdpj77A6B0gTcC+IMeMUOfc+FcwysjHYI7Fgc8BrQeOhUX3S+gIu/ynz8MCXX9k header: Content-Length: 527 header: Connection: close header: Content-Type: text/html; charset=iso-8859-1 ipa: ERROR: cannot connect to 'https://rh7a.yzhang.redhat.com/ipa/xml': Internal Server Error
There is some garbage mixed in there, \x1b[m\x1b[K I wonder if escape characters from python are being stuffed in there. Can you try setting TERM to vt100 before executing this?
such garbage mixed chars might produced by pipe ("|") . I have seen similar chars in log file when "|" being used. The following command I used before create similar junk chars like "\[m\x265?" in log file. time $script 2>&1 |tee -a $log I will try set my terminal to vt100 and see if i can remove it.
Yi, did setting the terminal help? When tested in normal BASH, the command worked: # ipa sudorule-find sudo.rule | grep "Rule name:" | cut -d":" -f2 | xargs ipa sudorule-del ----------------------------- Deleted Sudo Rule "sudo.rule" ----------------------------- Rob, I am thinking if that may be something we should fix and catch ExpatError, to let ipa provide better error message.
Yes, I agree.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/4049
Thank you taking your time and submitting this request for Red Hat Enterprise Linux. Unfortunately, this bug was not given a priority and was deferred both in the upstream project and in Red Hat Enterprise Linux. Given that we are unable to fulfill this request in following Red Hat Enterprise Linux releases, I am closing the Bugzilla as WONTFIX. To request that Red Hat re-considers the decision, please re-open the Bugzilla via appropriate support channels and provide additional business and/or technical details about its importance to you. Note that you can still track this request or even contribute patches in the referred upstream Trac ticket.