Description of problem: Greetings! I work on Bodhi (Fedora's Update System) and it uses python-bugzilla to manage the states on Fedora bugs in Bugzilla, which in turn uses Bugzilla's XML-RPC interface. After the upgrade to Bugzilla 5.0, I noticed some issues where Bodhi wasn't able to interact with Bugzilla, but yesterday it seemed to be working again. Today I received a report from a user that it wasn't working again: https://github.com/fedora-infra/bodhi/issues/2827 Some of the log entries indicate an authentication problem, but others do not. Is there a known issue with the XML-RPC interface that might be affecting Bodhi here?
I learned that this was likely due to an issue with one of Bugzilla's servers which has been removed from the system, so I will close this for now and will reopen if the issue returns. Thanks!
This bug came back over the weekend quite a few times (I'd guess between 75 and 125 or so). On my end, I'm getting this error from python-bugzilla: xmlrpc.client.Fault: <Fault 410: 'You must log in before using this part of Red Hat Bugzilla.'> Bodhi uses python-bugzilla to change ticket states (like moving to modified, on_qa, closed) and to add comments.
As an example, one failure was on https://bugzilla.redhat.com/show_bug.cgi?id=1652927 on 2018-12-16 at 14:51:16 UTC. Bodhi tried to change the bug status to MODIFIED and add a comment to that effect, using this code: https://github.com/fedora-infra/bodhi/blob/3.11.3/bodhi/server/bugs.py#L286 This call received the message Fault 410: 'You must log in before using this part of Red Hat Bugzilla.' Bodhi does authenticate to BZ (and has successfully altered some bugs over the past week and received this error on others).
Bodhi's user id is updates[0], and the error in comment 3 would have come from the host bodhi-backend02.phx2.fedoraproject.org, but I have no idea what public IP address that would appear to come from in the BZ logs. I did a test with curl from that host to a web server that I control and I saw it log 209.132.181.102, but I'm not sure if it would be the same when reaching BZ since Fedora Infrastructure and Red Hat have some peering as I understand it. Kevin, do you know what IP that bodhi-backend02 would hit BZ from? [0] https://infrastructure.fedoraproject.org/cgit/ansible.git/tree/roles/bodhi2/base/templates/production.ini.j2#n328
It would likely be its internal ip... since it sees bugzilla.redhat.com as it's internal 10.x.x.x ip. so, 10.5.125.135
I'm going to try switching Bodhi to Bugzilla's API key instead of using username/password auth to see if that helps. I will track that work here: https://github.com/fedora-infra/bodhi/issues/2827
I don't think this is a bug in Bugzilla, BZ5 fixed somer issues where BZ4 wasn't cleaning sessions when expected. Applications can no longer assume their session lasts forever and should re-login and retry if they get this message. APIKEYs are the way to have long lived access, which of course makes them very valuable. I'm going to close this, feel free to reopen if you think the login process itself is not working.