Bug 472601 - Installing proxy 5.2 on RHEL 5 through the web UI leaves SSL improperly configured
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite Proxy 5
Classification: Red Hat
Component: Installer
Version: 520
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Shannon Hughes
QA Contact: Brandon Perkins
URL:
Whiteboard:
Depends On: 472454
Blocks: 468734
Reported: 2008-11-21 22:37 UTC by Xixi
Modified: 2009-03-25 14:47 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-03-25 14:47:24 UTC
Target Upstream Version:
Embargoed:



Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2009:0391 0 normal SHIPPED_LIVE Red Hat Network Satellite bug fix update 2009-03-25 14:47:42 UTC

Comment 1 Xixi 2008-11-21 22:38:38 UTC
Cloned from bug 472454 to align against 5.2.1 maintenance release

Comment 2 Shannon Hughes 2009-02-12 17:35:57 UTC
this was committed to 5.2 branch, svn commit 179521

Comment 4 Jeff Browning 2009-03-10 16:31:51 UTC
Here are the results using the following configuration:

RHEL5 Satellite
RHEL5 Proxy

Proxy installs fine.
A check of the configuration file in question shows that the changes specified
in this ticket have taken place:

#   Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate.  If
# the certificate is encrypted, then you will be prompted for a
# pass phrase.  Note that a kill -HUP will prompt again.  A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key


However, when trying to register a client to the Proxy, I get this error in the
terminal:

An error has occurred:
xmlrpclib.Fault

And this error in an email:

Exception reported from rlx-0-06.rhndev.redhat.com
Time: Tue Mar 10 11:59:50 2009
Exception type exceptions.OSError
Exception while handling function ProxyAuth.set_cached_token
Extra information about this error:
Caching of authentication token for proxy id 1000010041 failed!
Either the authentication caching daemon is experiencing
problems, isn't running, or the token is somehow corrupt.


Exception Handler Information
Traceback (most recent call last):
  File "/usr/share/rhn/proxy/broker/rhnProxyAuth.py", line 134, in set_cached_token
    shelf[self.__cache_proxy_key()] = token
  File "/usr/share/rhn/proxy/broker/rhnProxyAuth.py", line 380, in __setitem__
    return rhnCache.set(rkey, val)
  File "/usr/share/rhn/common/rhnCache.py", line 68, in set
    cache.set(name, value, modified)
  File "/usr/share/rhn/common/rhnCache.py", line 334, in set
    self.cache.set(name, pickled, modified)
  File "/usr/share/rhn/common/rhnCache.py", line 228, in set
    fd = self.set_file(name, modified)
  File "/usr/share/rhn/common/rhnCache.py", line 260, in set_file
    fd = WriteLockedFile(name, modified)
  File "/usr/share/rhn/common/rhnCache.py", line 158, in __init__
    self.fd = self.get_fd(name)
  File "/usr/share/rhn/common/rhnCache.py", line 201, in get_fd
    fd = _safe_create(self.fname)
  File "/usr/share/rhn/common/rhnCache.py", line 116, in _safe_create
    os.makedirs(dirname, 0755)
  File "/usr/lib/python2.4/os.py", line 159, in makedirs
    mkdir(name, mode)
OSError: [Errno 13] Permission denied: '/var/cache/rhn/proxy-auth'

Environment for PID=1870 on exception:
LANG = C
PATH = /sbin:/usr/sbin:/bin:/usr/bin
PWD = /
SHLVL = 2
TERM = linux
_ = /usr/sbin/httpd


Attempting to kickstart a client using the proxy fails with this error:

This action will be executed after 2009-03-10 02:37:17 EDT.

This action's status is: Failed.
The client picked up this action on 2009-03-10 02:38:41 EDT.
The client completed this action on 2009-03-10 02:38:47 EDT.
Client execution returned "Did not receive a valid kickstart config file. It's
possible that the URL http://rlx-0-06.rhndev.redhat.com/ty/8FhEIZhr was not
found." (code 15)

I've gone over this multiple times setting up the system that would serve as
the proxy in multiple ways and reviewed the documentation, but I can not find a
missing step in what I've done. While I still hope it's my error, at this point
I can only conclude that proxy is busted.

Comment 5 Shannon Hughes 2009-03-16 14:35:54 UTC
turn off selinux for 5.2 so rhnCache has access to /var/cache/rhn/proxy-auth.
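
The traceback in comment 4 ends in `OSError: [Errno 13]` from `os.makedirs`, and comment 5 attributes it to SELinux. The following is an added triage example, not code from this report or from rhnCache: it separates a mode-bit (DAC) denial from an SELinux (MAC) denial for such a path. The function names and the audit records are constructed for illustration, and the DAC check ignores ACLs and the search bits of higher ancestors.

```python
import os
import re

# Constructed sample audit records (not from the bug report). The layout is the
# Linux audit AVC format; every value in them is illustrative.
SAMPLE_AUDIT = [
    'type=AVC msg=audit(1236715190.870:41): avc:  denied  { write } for  pid=1870 '
    'comm="httpd" name="rhn" dev=dm-0 ino=98311 '
    'scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir',
    'type=SYSCALL msg=audit(1236715190.870:41): arch=40000003 syscall=39 success=no exit=-13',
]

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?comm="(?P<comm>[^"]+)"'
    r'.*?scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)')


def dac_allows_create(dirname, uid, gids):
    """Find the nearest existing ancestor of dirname and say whether its mode
    bits let (uid, gids) create an entry there (needs write + search)."""
    parent = os.path.abspath(dirname)
    while not os.path.isdir(parent):
        parent = os.path.dirname(parent)
    st = os.stat(parent)
    if uid == 0:                       # root bypasses mode bits
        return parent, True
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return parent, (bits & 3) == 3


def avc_denials(lines, comm):
    """Return the parsed AVC denials logged for the process name comm."""
    found = []
    for line in lines:
        m = AVC_RE.search(line)
        if m and m.group("comm") == comm:
            found.append(dict(m.groupdict(), perms=m.group("perms").split()))
    return found


def classify_eacces(dirname, uid, gids, audit_lines, comm="httpd"):
    """Attribute an EACCES on creating dirname to 'dac', 'selinux' or 'unknown'."""
    parent, allowed = dac_allows_create(dirname, uid, gids)
    if not allowed:
        return "dac", parent
    return ("selinux" if avc_denials(audit_lines, comm) else "unknown"), parent
```

On a host, the audit lines would be read from `/var/log/audit/audit.log`, and `uid` and `gids` taken from the account httpd runs as.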

Comment 6 Jeff Browning 2009-03-18 20:51:51 UTC
Verified errata fix on Proxy installed to RHEL5u3 and RHEL4u7, registered to satellite on RHEL5u3 and RHEL4u7. Registered to the proxies, pushed packages without an issue, and used the proxy for kickstarts.

Comment 7 Jeff Browning 2009-03-24 06:05:43 UTC
Verified in Stage.

Comment 8 errata-xmlrpc 2009-03-25 14:47:24 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0391.html
