Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1710625 - foreman-debug collects qpid-stat output with incorrect command-line - ssl certificate does not exist
Summary: foreman-debug collects qpid-stat output with incorrect command-line - ssl cer...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Foreman Debug
Version: 6.6.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: 6.6.0
Assignee: Lukas Zapletal
QA Contact: Vladimír Sedmík
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-05-15 21:12 UTC by Jan Hutař
Modified: 2019-11-15 19:50 UTC (History)
3 users (show)

Fixed In Version: katello-3.12.0-2
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-10-22 19:48:13 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github theforeman foreman-packaging pull 3792 0 'None' closed BZ#1710625 - updated qpidd debug paths 2020-08-10 16:01:29 UTC

Description Jan Hutař 2019-05-15 21:12:41 UTC 
Description of problem:
foreman-debug collects qpid-stat output with incorrect command-line - ssl certificate used in the command does not exist


Version-Release number of selected component (if applicable):
foreman-debug-1.22.0-0.5.RC1.el7sat.noarch
satellite-6.6.0-4.beta.el7sat.noarch


How reproducible:
always


Steps to Reproduce:
1. # foreman-debug -a
2. # cat /var/tmp/foreman-debug-.../qpid-stat-q 
COMMAND> qpid-stat -q --ssl-certificate=/etc/pki/katello/qpid_client_striped.crt -b amqps://localhost:5671

Failed: InternalError - Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/qpid/messaging/driver.py", line 545, in dispatch
    self.connect()
  File "/usr/lib/python2.7/site-packages/qpid/messaging/driver.py", line 572, in connect
    self._transport = trans(self.connection, host, port)
  File "/usr/lib/python2.7/site-packages/qpid/messaging/transports.py", line 120, in __init__
    cert_reqs=validate)
  File "/usr/lib64/python2.7/ssl.py", line 934, in wrap_socket
    ciphers=ciphers)
  File "/usr/lib64/python2.7/ssl.py", line 547, in __init__
    self._context.load_cert_chain(certfile, keyfile)
IOError: [Errno 2] No such file or directory


Actual results:
There is a traceback in the file (there are other files with this traceback in the dir as well: qpid-stat-q, qpid-stat-u, qpid-stat-c)


Expected results:
There should be useful output in the file


Additional info:
This works in 6.4 (have not tested in 6.5), so marking this as a regression
Comment 3 Lukas Zapletal 2019-05-16 11:58:48 UTC 
Pavel can you drop a comment on that? What is the solution to this? Thanks.
Comment 4 Pavel Moravec 2019-05-17 13:34:36 UTC 
(In reply to Lukas Zapletal from comment #3)
> Pavel can you drop a comment on that? What is the solution to this? Thanks.

What I understood, there was really a change in the certs location since Sat 6.6. (to have it more confusing, 6.5 upgraded to 6.6 is fine, just fresh install of 6.6 lacks that cert file).

https://github.com/theforeman/puppet-katello/commit/4dacea9c58c287e6d4edd36bf311e3c8d9c21d12 is the relevant upstream change, causing

/etc/pki/katello/qpid_client_striped.crt

should be replaced by 

/etc/pki/pulp/qpid/client.crt


Sadly, I havent found a SSL certs file that would exist on both 6.5 and 6.6 systems and we could use. So, foreman-debug (and also sosreport) would have to:

- detect which of the two files exist (such that f-d or sos can work with either older or newer Sat, or with fresh install / upgraded one)
- use that SSL certs file for the cmd

(maybe the proper cert place can be obtained fomr some answer file or a kafo internal file like the one in upstream commit, that is also possible way of getting the proper filename with SSL cert)


I created https://bugzilla.redhat.com/show_bug.cgi?id=1711305 for the same for sosreport.


Honzo, I assume you will verify the fix in f-d and also in sosreport (since f-d is being merged into sos). And nice finding, this would hurt on support.
Comment 5 Lukas Zapletal 2019-05-20 13:21:27 UTC 
The patch is at https://github.com/theforeman/foreman-packaging/pull/3792
Comment 6 Pavel Moravec 2019-05-21 16:15:34 UTC 
FYI sosreport since RHEL7.7 will contain the fix, bz1711305 included in the 7.7 errata.
Comment 9 Bryan Kearney 2019-10-22 19:48:13 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:3172
Note You need to log in before you can comment on or make changes to this bug.