Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 2026873 - Date parse error around SCA cert fetching when system locale is en_AU or en_CA
Summary: Date parse error around SCA cert fetching when system locale is en_AU or en_CA
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Candlepin
Version: 6.10.0
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: 6.11.0
Assignee: satellite6-bugs
QA Contact: sganar
URL:
Whiteboard:
: 2026864 (view as bug list)
Depends On: 2026874 2026875
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-11-26 09:58 UTC by Nikos Moumoulidis
Modified: 2024-12-20 21:39 UTC (History)
4 users (show)

Fixed In Version: candlepin-4.0.14-1, candlepin-4.1.9-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 2026874 2026875 (view as bug list)
Environment:
Last Closed: 2022-07-05 14:30:33 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
stacktrace (7.55 KB, text/plain)
2021-11-26 09:58 UTC, Nikos Moumoulidis 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:5498 0 None None None 2022-07-05 14:30:55 UTC

Description Nikos Moumoulidis 2021-11-26 09:58:42 UTC 
Created attachment 1843686 [details]
stacktrace

Description of problem:
When the system's default locale is set to en_AU or en_CA (and possibly other locales), SCA cert generation on the /accessible_content candlepin API always fails with 400 status code and this error:

Runtime Error RESTEASY003870: Unable to extract parameter from http request: javax.ws.rs.HeaderParam("If-Modified-Since") value is 'Thu, 01 Jan 1970 00:00:00 GMT' for public javax.ws.rs.core.Response org.candlepin.resource.ConsumerResource.getContentAccessBody(java.lang.String,java.util.Date) at org.candlepin.resteasy.DateFormatter.fromString:75
(see attachment for full stacktrace)

This is only happening on Java 11 (new for Sat 6.10) with root cause being https://bugs.openjdk.java.net/browse/JDK-8208487


Version-Release number of selected component (if applicable):
candlepin-4.0.9-1.el7sat.noarch.rpm

How reproducible:
100%

Steps to Reproduce:
1. Set system locale with "sudo localectl set-locale LANG=en_AU.UTF-8"
2. Restart the tomcat service.
3. Register a host to an organization with SCA mode enabled (the registration and SCA cert generation should still be successful).
4. Check /var/log/candlepin.log on the server, and /var/lib/rhsm/cache/content_access.json on the host.

Actual results:
There is a stack trace and 400 response status on the candlepin.log on the server.
There is no /var/lib/rhsm/cache/content_access.json cache file on the client.

Expected results:
There should be no stack trace or error on the candlepin.log.
The file cache file /var/lib/rhsm/cache/content_access.json should exist on the client.

Additional info:

The effect is minimal, since the SCA cert generation still works (through other API calls subscription-manager/rhsmcertd makes), but the client-side cache loses it's effect, since now the server is re-sending the same SCA certificate on every check in (instead of a 304 response).
Comment 1 Hao Chang Yu 2021-11-26 10:05:07 UTC 
*** Bug 2026864 has been marked as a duplicate of this bug. ***
Comment 2 Nikos Moumoulidis 2021-11-26 10:07:41 UTC 
There are workarounds:

One workaround is to set the system locale to en_US.UTF-8 and then restart tomcat.
--------------------------
localectl set-locale LANG=en_US.UTF-8
systemctl restart tomcat
--------------------------


Alternatively, you can add jvm variable '-Djava.locale.providers=COMPAT,CLDR' in the JAVA_OPTS of /etc/tomcat/tomcat.conf.
------------------------------------
# Edit /etc/tomcat/tomcat.conf, change this line from:

JAVA_OPTS="-Xms1024m -Xmx4096m"

# To:

JAVA_OPTS="-Xms1024m -Xmx4096m -Djava.locale.providers=COMPAT,CLDR"

# Then restart tomcat
systemctl restart tomcat
-----------------------------------
Comment 4 sganar 2022-06-14 12:09:34 UTC 
Verified.

Tested on Satellite 6.11.0 Snap 24.0

Steps followed: 
1. Set system locale with "sudo localectl set-locale LANG=en_AU.UTF-8"
2. Restart the tomcat service.
3. Register a host to an organization with SCA mode enabled (the registration and SCA cert generation should still be successful).
4. Check `/var/log/candlepin.log` on the server, and `/var/lib/rhsm/cache/content_access.json` on the host.

Observations: 
No error is observed in `/var/log/candlepin.log` and `/var/lib/rhsm/cache/content_access.json` exists on the client.
Comment 7 errata-xmlrpc 2022-07-05 14:30:33 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Satellite 6.11 Release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5498
Note You need to log in before you can comment on or make changes to this bug.