Red Hat Bugzilla – Bug 1449418
UnicodeEncodeError error on CapsuleGenerateAndSync task when provided custom CA has non-unicode characters
Last modified: 2018-09-18 14:32:57 EDT
CapsuleGenerateAndSync task errors with: [E] PLP0000: 'ascii' codec can't encode character u'\xe9' in position 76773: ordinal not in range(128) (Katello::Errors::PulpError) At the moment this is affecting the following repository, along with seneravl others: - Red_Hat_Virtualization-Red_Hat_Enterprise_Virtualization_Manager_3_6_RPMs_x86_64 The repository was successfully synced on the Satellite several hours earlier.
The full traceback: File "/usr/lib/python2.7/site-packages/celery/app/trace.py", line 240, in trace_task R = retval = fun(*args, **kwargs) File "/usr/lib/python2.7/site-packages/pulp/server/async/tasks.py", line 473, in __call__ return super(Task, self).__call__(*args, **kwargs) File "/usr/lib/python2.7/site-packages/pulp/server/async/tasks.py", line 103, in __call__ return super(PulpTask, self).__call__(*args, **kwargs) File "/usr/lib/python2.7/site-packages/celery/app/trace.py", line 437, in __protected_call__ return self.run(*args, **kwargs) File "/usr/lib/python2.7/site-packages/pulp/server/controllers/repository.py", line 762, in sync sync_report = sync_repo(transfer_repo, conduit, call_config) File "/usr/lib/python2.7/site-packages/pulp/server/async/tasks.py", line 658, in wrap_f return f(*args, **kwargs) File "/usr/lib/python2.7/site-packages/pulp_rpm/plugins/importers/yum/importer.py", line 80, in sync_repo self._current_sync = sync.RepoSync(repo, sync_conduit, call_config) File "/usr/lib/python2.7/site-packages/pulp_rpm/plugins/importers/yum/sync.py", line 86, in __init__ self.nectar_config = nectar_utils.importer_config_to_nectar_config(config.flatten()) File "/usr/lib/python2.7/site-packages/pulp/plugins/util/nectar_config.py", line 97, in importer_config_to_nectar_config download_config = DownloaderConfig(**download_config_kwargs) File "/usr/lib/python2.7/site-packages/nectar/config.py", line 136, in __init__ self._process_ssl_settings() File "/usr/lib/python2.7/site-packages/nectar/config.py", line 175, in _process_ssl_settings os.write(data_arg_os_handle, data_arg_value) UnicodeEncodeError: 'ascii' codec can't encode character u'\xe9' in position 76773: ordinal not in range(128)
Ah, so it is failing to parse the importer's config! Specifically it seems to be finding a non-ascii character in an SSL certificate. Is that reasonable? It strikes me as unexpected. Can you access the importer config and attach either the entire config here, or just the SSL certs?
Yes, the whole config would be helpful. Thanks!
Justin, what do you think about this? How would such characters end up in the cert?
We implemented the following workaround: Put the files "/usr/share/pki/ca-trust-source/ca-bundle.*" and "/usr/share/pki/ca-trust-legacy/ca-bundle.*" in "/etc/pki/ca-trust/source/blacklist/". Remove the files "/etc/pki/ca-trust/source/anchors/katello-server*" and run command "update-ca-trust". Then runthe satellite installer with the following options: satellite-installer --scenario satellite \ --certs-server-cert /etc/pki/tls/certs/host.cert \ --certs-server-cert-req /etc/pki/tls/private_new/host.csr \ --certs-server-key /etc/pki/tls/private/host.key \ --certs-server-ca-cert /etc/pki/tls/certs/ca-bundle.crt \ --certs-update-server --certs-update-server-ca Our own rootca's do not contain any characters like "é" or "ö".
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/20307 has been resolved.
Tanya and Patrick, could you make an upstream bug to track this? It seems to be failing to write the cert contents out to disk.
The Pulp upstream bug status is at NEW. Updating the external tracker on this bug.
The Pulp upstream bug priority is at Normal. Updating the external tracker on this bug.
Removing the pulp redmine issue as its status is independent of this BZ.
Move to NEW, since Pulp upstream bug is not fixed yet.
The Pulp upstream bug status is at ASSIGNED. Updating the external tracker on this bug.
The Pulp upstream bug status is at POST. Updating the external tracker on this bug.
Waiting for this to be merged: https://github.com/pulp/nectar/pull/61
Upstream bug assigned to chrobert@redhat.com
The Pulp upstream bug status is at MODIFIED. Updating the external tracker on this bug.
Requesting needsinfo from upstream developer mansari@redhat.com because the 'FailedQA' flag is set.
Upstream bug is fixed and merged, moving to POST
All upstream Pulp bugs are at MODIFIED+. Moving this bug to POST.
The Pulp upstream bug status is at ON_QA. Updating the external tracker on this bug.
The Pulp upstream bug status is at CLOSED - CURRENTRELEASE. Updating the external tracker on this bug.
Upstream bug assigned to tbrisker@redhat.com
Waiting for this to be merged: https://github.com/pulp/pulp/pull/3227
Waiting for a final review by a core dev on this: https://github.com/pulp/pulp/pull/3227
Verified in Satellite 6.3.3 Snap 3 I used https://github.com/iNecas/ownca.git to create custom certs for my satellite and capsule. In those, I used characters from the Greek alphabet. The newly update katello-certs-check didn't immediately reject the certs due to the presence of non-ascii characters. Then applying those certs to the satellite and capsule also worked. Finally, the Capsule was able to successfully sync all content from the Satellite.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:2550