CapsuleGenerateAndSync task errors with:
[E] PLP0000: 'ascii' codec can't encode character u'\xe9' in position 76773: ordinal not in range(128) (Katello::Errors::PulpError)
At the moment this is affecting the following repository, along with seneravl others:
The repository was successfully synced on the Satellite several hours earlier.
The full traceback:
File "/usr/lib/python2.7/site-packages/celery/app/trace.py", line 240, in trace_task
R = retval = fun(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/pulp/server/async/tasks.py", line 473, in __call__
return super(Task, self).__call__(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/pulp/server/async/tasks.py", line 103, in __call__
return super(PulpTask, self).__call__(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/celery/app/trace.py", line 437, in __protected_call__
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/pulp/server/controllers/repository.py", line 762, in sync
sync_report = sync_repo(transfer_repo, conduit, call_config)
File "/usr/lib/python2.7/site-packages/pulp/server/async/tasks.py", line 658, in wrap_f
return f(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/pulp_rpm/plugins/importers/yum/importer.py", line 80, in sync_repo
self._current_sync = sync.RepoSync(repo, sync_conduit, call_config)
File "/usr/lib/python2.7/site-packages/pulp_rpm/plugins/importers/yum/sync.py", line 86, in __init__
self.nectar_config = nectar_utils.importer_config_to_nectar_config(config.flatten())
File "/usr/lib/python2.7/site-packages/pulp/plugins/util/nectar_config.py", line 97, in importer_config_to_nectar_config
download_config = DownloaderConfig(**download_config_kwargs)
File "/usr/lib/python2.7/site-packages/nectar/config.py", line 136, in __init__
File "/usr/lib/python2.7/site-packages/nectar/config.py", line 175, in _process_ssl_settings
UnicodeEncodeError: 'ascii' codec can't encode character u'\xe9' in position 76773: ordinal not in range(128)
Ah, so it is failing to parse the importer's config! Specifically it seems to be finding a non-ascii character in an SSL certificate. Is that reasonable? It strikes me as unexpected.
Can you access the importer config and attach either the entire config here, or just the SSL certs?
Yes, the whole config would be helpful. Thanks!
Justin, what do you think about this? How would such characters end up in the cert?
We implemented the following workaround:
Put the files "/usr/share/pki/ca-trust-source/ca-bundle.*" and "/usr/share/pki/ca-trust-legacy/ca-bundle.*" in "/etc/pki/ca-trust/source/blacklist/". Remove the files "/etc/pki/ca-trust/source/anchors/katello-server*" and run command "update-ca-trust". Then runthe satellite installer with the following options:
satellite-installer --scenario satellite \
--certs-server-cert /etc/pki/tls/certs/host.cert \
--certs-server-cert-req /etc/pki/tls/private_new/host.csr \
--certs-server-key /etc/pki/tls/private/host.key \
--certs-server-ca-cert /etc/pki/tls/certs/ca-bundle.crt \
Our own rootca's do not contain any characters like "é" or "ö".
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/20307 has been resolved.
Tanya and Patrick, could you make an upstream bug to track this? It seems to be failing to write the cert contents out to disk.
The Pulp upstream bug status is at NEW. Updating the external tracker on this bug.
The Pulp upstream bug priority is at Normal. Updating the external tracker on this bug.
Removing the pulp redmine issue as its status is independent of this BZ.
Move to NEW, since Pulp upstream bug is not fixed yet.
The Pulp upstream bug status is at ASSIGNED. Updating the external tracker on this bug.
The Pulp upstream bug status is at POST. Updating the external tracker on this bug.
Waiting for this to be merged:
Upstream bug assigned to email@example.com
The Pulp upstream bug status is at MODIFIED. Updating the external tracker on this bug.
Requesting needsinfo from upstream developer firstname.lastname@example.org because the 'FailedQA' flag is set.
Upstream bug is fixed and merged, moving to POST
All upstream Pulp bugs are at MODIFIED+. Moving this bug to POST.
The Pulp upstream bug status is at ON_QA. Updating the external tracker on this bug.
The Pulp upstream bug status is at CLOSED - CURRENTRELEASE. Updating the external tracker on this bug.
Upstream bug assigned to email@example.com
Waiting for this to be merged:
Waiting for a final review by a core dev on this:
Verified in Satellite 6.3.3 Snap 3
I used https://github.com/iNecas/ownca.git to create custom certs for my satellite and capsule. In those, I used characters from the Greek alphabet.
The newly update katello-certs-check didn't immediately reject the certs due to the presence of non-ascii characters.
Then applying those certs to the satellite and capsule also worked.
Finally, the Capsule was able to successfully sync all content from the Satellite.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.