Bug 1259248 - Error when generating debug certificate after refreshing manifest
Error when generating debug certificate after refreshing manifest
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Candlepin (Show other bugs)
Unspecified Unspecified
unspecified Severity high (vote)
: 6.1.3
: --
Assigned To: Chris Rog
Tazim Kolhar
: Triaged
Depends On:
  Show dependency treegraph
Reported: 2015-09-02 05:38 EDT by Michael Stead
Modified: 2017-02-23 14:47 EST (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-10-15 14:20:38 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 1609643 None None None Never

  None (edit)
Description Michael Stead 2015-09-02 05:38:53 EDT
Description of problem:

When a manifest is refreshed after a debug certificate has been downloaded, the debug entitlement is removed in candlepin. When an attempt is made to re-download the debug certificate, candlepin does not find the entitlement (which it assumes to exist) and fails rather hard -- the debug certificate can no longer be downloaded without error.

Version-Release number of selected component (if applicable):
Satellite 6.1.1

How reproducible:

Steps to Reproduce on Satellite:
1. Import a manifest into an org
2. Select 'Manage Organizations' and 'Edit' the org above.
3. Click the 'Generate and Download' button to download the debug certificate.
4. Refresh the manifest:
      * Navigate to Content -> Red Hat Subscriptions
      * Click 'Manage Manifest'
      * Click 'Refresh Manifest'
5. Repeat steps 2-3 to attempt to re-download the debug certificate.

Actual results:
  "error": {"message":"Katello::Resources::Candlepin::Owner: 500 Internal Server Error {\"displayMessage\":\"Runtime Error Index: 0, Size: 0 at java.util.ArrayList.rangeCheck:635\",\"requestUuid\":\"e09c4eff-175c-49e4-b1e7-2f41bfcbffb7\"} (GET /candlepin/owners/mtest/uebercert)"}

Steps to reproduce on candlepin (for developer purposes):
1. Generate a manifest and download (manifest_1)
2. Update that manifest by adding a new subscription and re-download (manifest_2)
3. ./cpc create_org testorg
4. ./cpc import testorg /path/to/manifest_1/file
5. ./cpc generate_ueber_cert testorg
6. ./cpc import testorg /path/to/manifest_2/file
7. ./cpc generate_ueber_cert testorg

Actual Results:
/home/mstead/.rvm/gems/ruby-2.2.1@redhat/gems/rest-client-1.6.7/lib/restclient/abstract_response.rb:48:in `return!': 500 Internal Server Error (RestClient::InternalServerError)
	from /home/mstead/.rvm/gems/ruby-2.2.1@redhat/gems/rest-client-1.6.7/lib/restclient/request.rb:230:in `process_result'
	from /home/mstead/.rvm/gems/ruby-2.2.1@redhat/gems/rest-client-1.6.7/lib/restclient/request.rb:178:in `block in transmit'
	from /home/mstead/.rvm/rubies/ruby-2.2.1/lib/ruby/2.2.0/net/http.rb:853:in `start'
	from /home/mstead/.rvm/gems/ruby-2.2.1@redhat/gems/rest-client-1.6.7/lib/restclient/request.rb:172:in `transmit'
	from /home/mstead/.rvm/gems/ruby-2.2.1@redhat/gems/rest-client-1.6.7/lib/restclient/request.rb:64:in `execute'
	from /home/mstead/.rvm/gems/ruby-2.2.1@redhat/gems/rest-client-1.6.7/lib/restclient/request.rb:33:in `execute'
	from /home/mstead/.rvm/gems/ruby-2.2.1@redhat/gems/rest-client-1.6.7/lib/restclient/resource.rb:67:in `post'
	from /home/mstead/development/sandbox/redhat/candlepin/server/client/ruby/candlepin_api.rb:1215:in `post'
	from /home/mstead/development/sandbox/redhat/candlepin/server/client/ruby/candlepin_api.rb:262:in `generate_ueber_cert'
	from ./cpc:131:in `<main>'

Checking the candlepin log will yeild:
2015-09-01 15:37:22,358 [req=a57e989a-1741-472f-ad2f-6b833a5950c7, org=mtest] ERROR org.candlepin.common.exceptions.mappers.CandlepinEx
ceptionMapper - Runtime Error Index: 0, Size: 0 at java.util.ArrayList.rangeCheck:653
java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
        at java.util.ArrayList.rangeCheck(ArrayList.java:653) ~[na:1.8.0_51]
        at java.util.ArrayList.get(ArrayList.java:429) ~[na:1.8.0_51]
        at org.candlepin.resource.OwnerResource.createUeberCertificate(OwnerResource.java:1277)

--stacktrace snip--

Expected results:
No errors, and the debug certificate should be regenerated and successfully downloaded.

Work Around:

This issue can be worked around, but, will require database access. Please note that until a fix is put into candlepin, the issue will re-occur if a manifest refresh is done after the debug certificate is generated.

Here is an example targeting the 'MTest' org. Running the following SQL statements should clear up the issue.

1. As root user, run:
'su - postgres'

2. psql candlepin
3. Gather some key information by running the following queries:

a) Substitute mtest in the query below with the label of the Org you are having issues with.

select c.id as consumer_id, c.name as consumer_name, o.account, o.displayname as org from cp_consumer c, cp_owner o where c.owner_id=o.id and c.name = 'ueber_cert_consumer' and o.account='mtest';

           consumer_id                               |    consumer_name       | account |  org  
---------------------------------------------------------- -+----------------------------------+------------+-------
 8a90ccd24f89ec4b014f8bde7dbb092d | ueber_cert_consumer   | mtest    | MTest
(1 row)

b) Substitute mtest below with your org label. You want your org label appended in front of '_ueber_product'. For example, 'myorg_ueber_product'. 

select p.id as product_id, pc.content_id as content_id from cp_product p, cp_product_content pc where p.name='mtest_ueber_product' and pc.product_id = p.id;

  product_id          |  content_id   
 1441160658350 | 1441160658350
(1 row)

4) With this information, delete the rows as follows (be sure to substitute the data from above into the delete statements). Each statement should respond with 'DELETE 1' if it was successful.

delete from cp_subscription where product_id = 'PRODUCT_ID_FROM_ABOVE';
delete from cp_content where id = 'CONTENT_ID_FROM_ABOVE';
delete from cp_product where id='PRODUCT_ID_FROM_ABOVE';
delete from cp_consumer where id = 'CONSUMER_ID_FROM_ABOVE';

5) You should now be able to download the debug certificate for this org.
Comment 1 Chris Rog 2015-09-15 09:52:49 EDT
commit 1ebe249e79d62d803ac69b240a0544ce47c6273e
Author: Chris Rog <crog@redhat.com>
Date:   Tue Sep 8 16:47:37 2015 -0400

    1259248: Fixed issue with refresh pools removing ueber certs
    - Refresh pools, and anything making use of the function, will no
      longer remove any generate ueber certs
    - Partial information for ueber certs or consumers will no longer
      cause 500 errors when generating or retrieving ueber certs
Comment 4 Bryan Kearney 2015-09-24 08:55:33 EDT
When testing this, can you please also look at https://bugzilla.redhat.com/show_bug.cgi?id=1260560. I am curious to see if they are the same issue.
Comment 7 Corey Welton 2015-10-02 17:52:08 EDT
Testing blocked due to https://bugzilla.redhat.com/show_bug.cgi?id=1268483
Comment 8 Tazim Kolhar 2015-10-05 07:39:14 EDT
# rpm -qa | grep foreman

1. Import a manifest into an org
2. Select 'Manage Organizations' and 'Edit' the org above.
3. Click the 'Generate and Download' button to download the debug certificate.
4. Refresh the manifest:
      * Navigate to Content -> Red Hat Subscriptions
      * Click 'Manage Manifest'
      * Click 'Refresh Manifest'
5. Repeat steps 2-3 to attempt to re-download the debug certificate.

No errors, and the debug certificate is regenerated and successfully downloaded.
Comment 10 errata-xmlrpc 2015-10-15 14:20:38 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.