
Bug 2094243

Summary: insights-client: Traceback printed in stderr during registration after I set wrong hostname for insights-service
Product: Red Hat Enterprise Linux 9
Component: insights-client
Version: 9.1
Hardware: Unspecified
OS: Unspecified
Status: CLOSED CURRENTRELEASE
Severity: low
Priority: low
Reporter: Jan Stavel <jstavel>
Assignee: Alba Hita <ahitacat>
QA Contact: Pavol Kotvan <pakotvan>
CC: ahitacat, cmarinea, fjansen, gchamoul, link, prgutier, redakkan, stomsa
Target Milestone: rc
Keywords: Triaged
Flags: pm-rhel: mirror+
Whiteboard: SCRUB_20220609
Last Closed: 2023-12-07 07:28:36 UTC
Type: Bug

Description Jan Stavel 2022-06-07 09:31:24 UTC
I see a traceback after I take the insights service down (by setting a wrong hostname for the insights service in /etc/hosts).

I have tried to simulate a case where the service is down while registering to the service.


  # Override name resolution for the Insights Service host via /etc/hosts
  - name: Set /etc/hosts with wrong hostname of Insights Service
    copy:
      content: |
        10.2.77.208 cert.cloud.stage.redhat.com
        127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
        ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
      dest: /etc/hosts
      mode: '644'

  - name: Register the system
    command: "subscription-manager register --username {{ rhsm.username }} --password {{ rhsm.password }}"
    register: out
    changed_when: out.rc != 0
    environment:
      - SUBMAN_DEBUG_PRINT_REQUEST: "1"

  # Expected to fail; the stderr of this task is what the bug is about
  - name: register to insights service # noqa ignore-errors
    command: "insights-client --register"
    register: out
    changed_when: out.rc != 0
    ignore_errors: yes


I see stderr from the command above:

Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 699, in urlopen
    httplib_response = self._make_request(
  File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 382, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
    conn.connect()
  File "/usr/lib/python3.9/site-packages/urllib3/connection.py", line 411, in connect
    self.sock = ssl_wrap_socket(
  File "/usr/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
  File "/usr/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib64/python3.9/ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/lib64/python3.9/ssl.py", line 1040, in _create
    self.do_handshake()
  File "/usr/lib64/python3.9/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
  File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 755, in urlopen
    retries = retries.increment(
  File "/usr/lib/python3.9/site-packages/urllib3/util/retry.py", line 574, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='cert.cloud.stage.redhat.com', port=443): Max retries exceeded with url: /api/module-update-router/v1/channel?module=insights-core (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))



The same error appears even in cockpit after I register a system using subscriptions cockpit plugin.

Comment 1 Jan Stavel 2022-06-07 09:35:57 UTC
I've attached a complete ansible playbook to reproduce the case.

Comment 12 Jan Stavel 2023-11-09 13:07:08 UTC
Hello,
I have verified that the fix solved the problem, i.e. no traceback appears when registering.
It prints a well-formatted message instead.


TASK [register to insights service] ***************************************************************************************************************************************************************************
fatal: [cloud-qe-09.idmqe.lab.eng.bos.redhat.com]: FAILED! => changed=true 
  cmd:
  - insights-client
  - --register
  delta: '0:00:26.882901'
  end: '2023-11-09 07:59:53.903428'
  msg: non-zero return code
  rc: 1
  start: '2023-11-09 07:59:27.020527'
  stderr: ''
  stderr_lines: <omitted>
  stdout: |-
    Unable to fetch egg url https://cert.cloud.stage.redhat.com/api/module-update-router/v1/channel?module=insights-core: HTTPSConnectionPool(host='cert.cloud.stage.redhat.com', port=443): Max retries exceeded with url: /api/module-update-router/v1/channel?module=insights-core (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)'))). Defaulting to /release
    HTTPSConnectionPool(host='cert.cloud.stage.redhat.com', port=443): Max retries exceeded with url: /api/v1/static/release/insights-core.egg (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))
    The Insights API could not be reached.
    Automatic scheduling for Insights has been enabled.
    Starting to collect Insights data for cloud-qe-09.idmqe.lab.eng.bos.redhat.com
    Uploading Insights data.
    Upload attempt 1 of 1 failed! Reason: HTTPSConnectionPool(host='cert.cloud.stage.redhat.com', port=443): Max retries exceeded with url: /api/ingress/v1/upload (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))
    All attempts to upload have failed!
    Please see /var/log/insights-client/insights-client.log for additional information
    Upload failed.
  stdout_lines: <omitted>
...ignoring



version of rhel:

      DISTRO=RHEL-9.3.0-20231109.0
      ARCHITECTURE=x86_64
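
An added example, not taken from this bug report or from insights-client: one way a Python client can reduce the nested exception chain seen in the traceback above (a certificate verification error wrapped by outer connection errors) to a single-line message and a non-zero return code. The function names and failure categories are assumptions made for this illustration, and it uses only the standard library rather than requests/urllib3.

```python
import socket
import ssl
import urllib.error

# Most specific types first: every entry is an OSError subclass.
# Category names and hints are hypothetical, chosen for this example.
CATEGORIES = [
    (ssl.SSLCertVerificationError, "tls-verify",
     "server certificate did not verify; check name resolution and the CA bundle"),
    (ssl.SSLError, "tls", "TLS handshake failed"),
    (socket.gaierror, "dns", "host name could not be resolved"),
    (ConnectionRefusedError, "refused", "connection refused"),
    (TimeoutError, "timeout", "connection timed out"),
]


def root_cause(exc):
    """Follow wrapped exceptions (.reason, __cause__, __context__, args) to the innermost one."""
    seen = set()
    while id(exc) not in seen:  # guard against reference cycles
        seen.add(id(exc))
        links = [getattr(exc, "reason", None), exc.__cause__, exc.__context__, *exc.args]
        inner = next((x for x in links if isinstance(x, BaseException)), None)
        if inner is None:
            break
        exc = inner
    return exc


def classify(exc):
    """Return (category, hint) for the innermost exception in the chain."""
    cause = root_cause(exc)
    for exc_type, category, hint in CATEGORIES:
        if isinstance(cause, exc_type):
            return category, hint
    return "other", str(cause)


def run(fetch, url):
    """Call fetch(url); on failure return (1, one-line message) so no traceback escapes."""
    try:
        return 0, fetch(url)
    except Exception as exc:
        category, hint = classify(exc)
        return 1, f"Unable to reach {url}: {hint} [{category}]"
```

Keeping the category in the message lets automation tell a trust failure, as in this report, apart from a host that is actually unreachable.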

Comment 13 RHEL Program Management 2023-12-07 07:28:36 UTC
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.