Bug 464475 - satellite 5.1.1 multi-org: unable to rhnpush packages when switching between orgs unless --no-session-caching is specified
satellite 5.1.1 multi-org: unable to rhnpush packages when switching between ...
Status: CLOSED CURRENTRELEASE
Product: Spacewalk
Classification: Community
Component: Server (Show other bugs)
0.2
All Linux
high Severity high
: ---
: ---
Assigned To: Michael Mráka
Devan Goodwin
:
Depends On:
Blocks: space04
  Show dependency treegraph
 
Reported: 2008-09-29 07:24 EDT by Michael Mráka
Modified: 2009-09-17 03:06 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-09-17 03:06:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Michael Mráka 2008-09-29 07:24:27 EDT
+++ This bug was initially created as a clone of Bug #461701 +++

--- Additional comment from xdmoon@redhat.com on 2008-09-09 20:04:27 EDT ---

Public Bug Summary:

Using a satellite with rhns-5.1.1-14 and rhnpush-5.1.1-1 with more than one org, say, default-org and other-org, then switching between the orgs/users when doing multiple uploading of packages will fail with the following error -
[snip]
Result codes: 200 OK
Computing md5sum and package Info .This may take sometime ...

Error Message:
    You are not allowed to manage channel other-org-testing, or that channel
does not exist
Error Class Code: 32
Error Class Info: Channel error
Explanation:
     An error has occurred while processing your request. If this problem
     persists please enter a bug report at bugzilla.redhat.com.
     If you choose to submit the bug report, please be sure to include
     details of what you were trying to do when this error occurred and
     details on how to reproduce this problem.

Looking at the satellite logs with debug=5, I see this:
[snip]

For example: 

1. first push a package for default org with the org admin user, which succeeds:

rhnpush --force --nosig --server $(uname -n) --channel test-default-org-channel -vvv --username admin --password password rhn-html-5.1.1-8.noarch.rpm

2. now push a package for other org with its admin user, which will fail:

rhnpush --force --nosig --server $(uname -n) --channel test-other-org-channel -vvv --username admin-test --password password rhn-html-5.1.1-8.noarch.rpm

This appears to be due to session caching, where the cached session is used for authentication, regardless of the current username/password provided to rhnpush.

Workaround is to either use --no-session-caching as an option to rhnpush, or the following patch:

[root ~]# diff -ru /usr/share/rhn/rhnpush/uploadLib2.py.orig  /usr/share/rhn/rhnpush/uploadLib2.py
--- /usr/share/rhn/rhnpush/uploadLib2.py.orig   2008-05-07 22:48:03.000000000 -0400
+++ /usr/share/rhn/rhnpush/uploadLib2.py        2008-09-09 19:08:06.000000000 -0400
@@ -454,7 +454,7 @@
     #session token authentication
     def new_sat_test(self):
         if self.new_sat is None:
-            if self.options.no_session_caching:
+            if self.options.no_session_caching or self.options.username:
                 self.new_sat = 0
             else:
                 self.new_sat = 1

--- Additional comment from mmraka@redhat.com on 2008-09-26 09:09:28 EDT ---

Hi Xixi,
although your patch works it has a unexpected side effect - it turns session caching entirely off. 
That means after rhnpush --username ... the session key is not stored and subsequent  rhnpush (without --username) will use the key stored by last but one call.
So my fix is: if --username is set use username/password authentication and generate new session key.

--- a/client/tools/rhnpush/uploadLib2.py
+++ b/client/tools/rhnpush/uploadLib2.py
@@ -443,11 +443,11 @@ class UploadClass:
     #After they've entered their username/password, they are passed to the new XMLRPC call 'login', which will 
     #verify the user/pass and return a new session string if they are correct.
     #Need to fix this up so there's less repeated code.
     def authenticate(self):
         #Only use the session token stuff if we're talking to a sat that supports sessi
on-token authentication.
         if self.new_sat_test():
             self.readSession()
-            if self.session and not self.options.new_cache:
+            if self.session and not self.options.new_cache and self.options.username == self.username:
                 chksession = self.checkSession(self.session.getSessionString())
                 if not chksession:
                     self.setUsernamePassword()

--- Additional comment from xdmoon@redhat.com on 2008-09-26 13:44:14 EDT ---

(In reply to comment #6)
Hi Michael,
You're right that's what I meant to do but apparently implemented it wrong...  Thanks for fixing it and for the explanation!
Xixi
Comment 1 Michael Mráka 2008-09-29 07:28:34 EDT
Fixed in git, commit aa029e72a8aaa2472aa516d5ca5ac7101aae3b3c.
Comment 2 Devan Goodwin 2008-11-05 14:20:25 EST
Looks like a problem here. I tested by first attempting a re-upload of a package I'd uploaded previously to my primary org, just to make sure I got the session caching information.

[root@dhcp77-231 CentOS]# rhnpush --nosig --channel=test-channel --server=http://dhcp77-231.rhndev.redhat.com/APP zsh-4.2.6-1.i386.rpm --newest

This complains without --newest but with it just prompted me for username and password and then said no packages to upload. Subsequent re-runs stopped asking for username and password.

[root@dhcp77-231 CentOS]# rhnpush --nosig --channel=test-channel --server=http://dhcp77-231.rhndev.redhat.com/APP zsh-4.2.6-1.i386.rpm --newest

No new files to upload; exiting



Then I attempted to upload to a channel created in another org specifying that org user on the command line:

[root@dhcp77-231 CentOS]# rhnpush --nosig --channel=org2-channel --server=http://dhcp77-231.rhndev.redhat.com/APP zsh-4.2.6-1.i386.rpm --newest --username admin2 --password dog8code



Error Message:

    You are not allowed to manage channel org2-channel, or that channel does not exist

Error Class Code: 32

Error Class Info: Channel error

Explanation:

     An error has occurred while processing your request. If this problem

     persists please enter a bug report at bugzilla.redhat.com.

     If you choose to submit the bug report, please be sure to include

     details of what you were trying to do when this error occurred and

     details on how to reproduce this problem.


Adding --no-session-caching again and the command succeeds and the package is uploaded:

[root@dhcp77-231 CentOS]# rhnpush --nosig --channel=org2-channel --server=http://dhcp77-231.rhndev.redhat.com/APP zsh-4.2.6-1.i386.rpm --newest --username admin2 --password dog8code --no-session-caching


This leads me to believe there is still a caching bug in play here. (possibly when the original username+password is not specified directly on the cmdline)

Going to move to fails_qa and bump to spacewalk 0.4.
Comment 3 Michael Mráka 2008-11-06 09:09:53 EST
[root@dhcp77-231 ~]# rpm -qf `type -p rhnpush`
rhnpush-0.2.4-1.el5.sw

Please test with rhnpush-0.3.1-1.
Comment 4 Devan Goodwin 2009-03-27 10:23:31 EDT
Verified in sw 0.5. Better late than never.
Comment 5 Miroslav Suchý 2009-09-17 03:06:34 EDT
Spacewalk 0.4 has been released for some time.

Note You need to log in before you can comment on or make changes to this bug.