RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1029593 - IPA CLI: ipa sudorule-del generates "Internal Server Error"
Summary: IPA CLI: ipa sudorule-del generates "Internal Server Error"
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: rc
: ---
Assignee: Martin Kosek
QA Contact: Namita Soman
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-11-12 17:11 UTC by Yi Zhang
Modified: 2016-01-29 13:19 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-01-29 13:19:43 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Yi Zhang 2013-11-12 17:11:10 UTC
Description of problem:
This error discovered by accident.

[root@rh7a (RH7.0-x86_64) ipa-sudo] ipa sudorule-find sudo.rule | grep "Rule name:" | cut -d":" -f2 | xargs ipa sudorule-del
ipa: ERROR: cannot connect to 'https://rh7a.yzhang.redhat.com/ipa/session/xml': Internal Server Error


In order to re-produce this error, some sudo rule like "sudo.rule" has to exist. In another words, the following command has to success:
[root@rh7a (RH7.0-x86_64) ipa-sudo] ipa sudorule-find sudo.rule | grep "Rule name:" | cut -d":" -f2 
 sudo.rule.14760
 sudo.rule.28088


Version-Release number of selected component (if applicable): ipa-server-3.3.3-3.el7.x86_64


How reproducible:


Steps to Reproduce:
1. create sudorule "sudo.rule.001" "sudo.rule.002"
2. run above command:
ipa sudorule-find sudo.rule | grep "Rule name:" | cut -d":" -f2 | xargs ipa sudorule-del
3.

Actual results:
[root@rh7a (RH7.0-x86_64) ipa-sudo] ipa sudorule-find sudo.rule | grep "Rule name:" | cut -d":" -f2 | xargs ipa sudorule-del
ipa: ERROR: cannot connect to 'https://rh7a.yzhang.redhat.com/ipa/session/xml': Internal Server Error



Additional info:

corresponding error msg in /var/log/httpd/error_log

[Tue Nov 12 09:07:40.390300 2013] [:error] [pid 1599] [remote 192.168.122.71:160] mod_wsgi (pid=1599): Exception occurred processing WSGI script '/usr/share/ipa/wsgi.py'.
[Tue Nov 12 09:07:40.390373 2013] [:error] [pid 1599] [remote 192.168.122.71:160] Traceback (most recent call last):
[Tue Nov 12 09:07:40.390396 2013] [:error] [pid 1599] [remote 192.168.122.71:160]   File "/usr/share/ipa/wsgi.py", line 49, in application
[Tue Nov 12 09:07:40.390432 2013] [:error] [pid 1599] [remote 192.168.122.71:160]     return api.Backend.wsgi_dispatch(environ, start_response)
[Tue Nov 12 09:07:40.390447 2013] [:error] [pid 1599] [remote 192.168.122.71:160]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 247, in __call__
[Tue Nov 12 09:07:40.390471 2013] [:error] [pid 1599] [remote 192.168.122.71:160]     return self.route(environ, start_response)
[Tue Nov 12 09:07:40.390483 2013] [:error] [pid 1599] [remote 192.168.122.71:160]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 259, in route
[Tue Nov 12 09:07:40.390502 2013] [:error] [pid 1599] [remote 192.168.122.71:160]     return app(environ, start_response)
[Tue Nov 12 09:07:40.390514 2013] [:error] [pid 1599] [remote 192.168.122.71:160]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 1197, in __call__
[Tue Nov 12 09:07:40.390533 2013] [:error] [pid 1599] [remote 192.168.122.71:160]     response = super(xmlserver_session, self).__call__(environ, start_response)
[Tue Nov 12 09:07:40.390545 2013] [:error] [pid 1599] [remote 192.168.122.71:160]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 709, in __call__
[Tue Nov 12 09:07:40.390564 2013] [:error] [pid 1599] [remote 192.168.122.71:160]     response = super(xmlserver, self).__call__(environ, start_response)
[Tue Nov 12 09:07:40.390576 2013] [:error] [pid 1599] [remote 192.168.122.71:160]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 374, in __call__
[Tue Nov 12 09:07:40.390594 2013] [:error] [pid 1599] [remote 192.168.122.71:160]     response = self.wsgi_execute(environ)
[Tue Nov 12 09:07:40.390624 2013] [:error] [pid 1599] [remote 192.168.122.71:160]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 328, in wsgi_execute
[Tue Nov 12 09:07:40.390643 2013] [:error] [pid 1599] [remote 192.168.122.71:160]     (name, args, options, _id) = self.unmarshal(data)
[Tue Nov 12 09:07:40.390654 2013] [:error] [pid 1599] [remote 192.168.122.71:160]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 732, in unmarshal
[Tue Nov 12 09:07:40.390673 2013] [:error] [pid 1599] [remote 192.168.122.71:160]     (params, name) = xml_loads(data)
[Tue Nov 12 09:07:40.390685 2013] [:error] [pid 1599] [remote 192.168.122.71:160]   File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 262, in xml_loads
[Tue Nov 12 09:07:40.390706 2013] [:error] [pid 1599] [remote 192.168.122.71:160]     (params, method) = loads(data)
[Tue Nov 12 09:07:40.390717 2013] [:error] [pid 1599] [remote 192.168.122.71:160]   File "/usr/lib64/python2.7/xmlrpclib.py", line 1135, in loads
[Tue Nov 12 09:07:40.390738 2013] [:error] [pid 1599] [remote 192.168.122.71:160]     p.feed(data)
[Tue Nov 12 09:07:40.390749 2013] [:error] [pid 1599] [remote 192.168.122.71:160]   File "/usr/lib64/python2.7/xmlrpclib.py", line 557, in feed
[Tue Nov 12 09:07:40.390768 2013] [:error] [pid 1599] [remote 192.168.122.71:160]     self._parser.Parse(data, 0)
[Tue Nov 12 09:07:40.390792 2013] [:error] [pid 1599] [remote 192.168.122.71:160] ExpatError: not well-formed (invalid token): line 8, column 15
[Tue Nov 12 09:09:13.139490 2013] [:error] [pid 1600] ipa: INFO: admin.COM: sudorule_find(u'sudo.rule', all=False, raw=False, version=u'2.65', no_members=False, pkey_only=False): SUCCESS

Comment 1 Yi Zhang 2013-11-12 17:14:13 UTC
Additional information:

1. in order do generate ipa server error, the command format has to be followed.
ipa sudorule-find sudo.rule | grep "Rule name:" | cut -d":" -f2 | xargs ipa sudorule-del

2. ipa sudorule-find sudo.rule has to return valid ipa record
3. without xargs, it does not report error

4. I tried to run "ipa sudorule-del" with various bogus string, I couldn't produce the same error. It appears to me that "xargs" produces some inputs that ipa server don't handle correctly. 

my test was performed on rhel7.0 x86_64, but i don't think it matters.

Comment 2 Rob Crittenden 2013-11-12 17:17:38 UTC
Can you add a -vv to the xargs ipa call? That may show us the XML-RPC request being sent. xargs ipa -vv sudorule-del.

Comment 4 Yi Zhang 2013-11-14 18:39:15 UTC
[root@rh7a (RH7.0-x86_64) ipa-sudo] ipa sudorule-find sudo.rule | grep "Rule name:" | cut -d":" -f2 | xargs ipa -vv sudorule-del
send: "POST /ipa/xml HTTP/1.1\r\nHost: rh7a.yzhang.redhat.com\r\nAccept-Encoding: gzip\r\nAccept-Language: en-us\r\nReferer: https://rh7a.yzhang.redhat.com/ipa/xml\r\nAuthorization: negotiate YIICbgYJKoZIhvcSAQICAQBuggJdMIICWaADAgEFoQMCAQ6iBwMFACAAAACjggFrYYIBZzCCAWOgAwIBBaETGxFZWkhBTkcuUkVESEFULkNPTaIpMCegAwIBAaEgMB4bBEhUVFAbFnJoN2EueXpoYW5nLnJlZGhhdC5jb22jggEaMIIBFqADAgESoQMCAQKiggEIBIIBBDcyWAghuQaKfk5Pi9Fsyas8rYf1AS0eGg4U/QvnltUqmPF1x1pfcDE682icit4Ytt8eVtMiv9xtuEFpxmC4n+zkFcc11/F8/pwKBj2YUe4arQ9uig2KB2yjElJcv8UuH552nuctpZfeobdaJS+rIHPptF/sah94X6qVxpEuEqVYzHsQdhFMwT6gp01BP1yYuVaaVWIkZTPb1rYGABiOpqU7WQzkS+4Ljk5Tgxu2uhM04eJEm/nzNHri3con/ykPAPGLggxdS4v7N7h8tkG2vRasrfZu4xO9t5WiDWuFddzcPaIFyJCrJe8umbzwdXCY3vMzpf4Zdz8tNqUHawLcZy8X38CjpIHUMIHRoAMCARKigckEgcZoQ10EWkBR2+F/iUhYtuar0YNOFSUWYcSdD2n5u6EkKvmgGc7kQoNO/iXy36uNE/DKlnunNXMXQ5z22Xe6fuGjSI/wcgAHv8esaXVZyCQV3IIsx2U94B0E/OAsN4wVUr0oTFCycsKSrWdt6lbbG8+Z1jT+nLtMq49H3k+J6zbbsTU7uHm2P0lbf3fxEb1bajo3yXyfhw8vncf/WLoHM1FkWwaWv5OkUi33vOj2ArQ/uai5NHuanVnrCs0lZGo4ZBbm2QwB7iE=\r\nUser-Agent: xmlrpclib.py/1.0.1 (by www.pythonware.com)\r\nContent-Type: text/xml\r\nContent-Length: 522\r\n\r\n<?xml version='1.0' encoding='UTF-8'?>\n<methodCall>\n<methodName>sudorule_del</methodName>\n<params>\n<param>\n<value><array><data>\n<value><array><data>\n<value><string>\x1b[m\x1b[K</string></value>\n<value><string>sudo.rule.15958</string></value>\n</data></array></value>\n</data></array></value>\n</param>\n<param>\n<value><struct>\n<member>\n<name>continue</name>\n<value><boolean>0</boolean></value>\n</member>\n<member>\n<name>version</name>\n<value><string>2.65</string></value>\n</member>\n</struct></value>\n</param>\n</params>\n</methodCall>\n"
reply: 'HTTP/1.1 500 Internal Server Error\r\n'
header: Date: Thu, 14 Nov 2013 18:39:37 GMT
header: Server: Apache/2.4.6 (Red Hat) mod_auth_kerb/5.4 mod_fcgid/2.3.9 mod_nss/2.4.6 NSS/3.15.2 Basic ECC PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
header: WWW-Authenticate: Negotiate YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRv5knk2jCvNufzLMXz1mudCdSrh7Gx9FF1j/oGX601ghFMdRreVcbJjFkBe1V+jk9gg8CBd5rCXoouJWQr+rPuqrdpj77A6B0gTcC+IMeMUOfc+FcwysjHYI7Fgc8BrQeOhUX3S+gIu/ynz8MCXX9k
header: Content-Length: 527
header: Connection: close
header: Content-Type: text/html; charset=iso-8859-1
ipa: ERROR: cannot connect to 'https://rh7a.yzhang.redhat.com/ipa/xml': Internal Server Error

Comment 5 Rob Crittenden 2013-11-15 02:04:33 UTC
There is some garbage mixed in there, \x1b[m\x1b[K

I wonder if escape characters from python are being stuffed in there.

Can you try setting TERM to vt100 before executing this?

Comment 6 Yi Zhang 2013-11-19 04:06:03 UTC
such garbage mixed chars might produced by pipe ("|") . I have seen similar chars in log file when "|" being used. The following command I used before create similar junk chars like "\[m\x265?" in log file. 

time $script 2>&1 |tee -a $log


I will try set my terminal to vt100 and see if i can remove it.

Comment 7 Martin Kosek 2013-11-20 08:08:22 UTC
Yi, did setting the terminal help? When tested in normal BASH, the command worked:

# ipa sudorule-find sudo.rule | grep "Rule name:" | cut -d":" -f2 | xargs ipa sudorule-del
-----------------------------
Deleted Sudo Rule "sudo.rule"
-----------------------------


Rob, I am thinking if that may be something we should fix and catch ExpatError, to let ipa provide better error message.

Comment 8 Rob Crittenden 2013-11-20 13:37:25 UTC
Yes, I agree.

Comment 9 Martin Kosek 2013-11-22 09:04:41 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/4049

Comment 13 Martin Kosek 2016-01-29 13:19:43 UTC
Thank you taking your time and submitting this request for Red Hat Enterprise Linux. Unfortunately, this bug was not given a priority and was deferred both in the upstream project and in Red Hat Enterprise Linux.

Given that we are unable to fulfill this request in following Red Hat Enterprise Linux releases, I am closing the Bugzilla as WONTFIX. To request that Red Hat re-considers the decision, please re-open the Bugzilla via appropriate support channels and provide additional business and/or technical details about its importance to you.

Note that you can still track this request or even contribute patches in the referred upstream Trac ticket.


Note You need to log in before you can comment on or make changes to this bug.