Hide Forgot
Description of problem: When you unsubscribe from a product using an imported cert, you get a stack trace and subscription-manager crashes. Version-Release number of selected component (if applicable): subscription-manager-gnome-0.95.5-1.git.26.ce6d87f.el6.x86_64 subscription-manager-0.95.5-1.git.26.ce6d87f.el6.x86_64 subscription-manager-firstboot-0.95.5-1.git.26.ce6d87f.el6.x86_64 python-rhsm-0.95.5-1.git.0.0bfdb97.el6.noarch Steps to Reproduce: 1. Install subscription-manager-gnome and all of its dependencies. 2. Using the red hat subscription web app (on stage), download a valid entitlement cert. 3. Using the subscription-manager-gui import cert tool, import this entitlement cert. 4. Go to the my subscriptions tab and unsubscribe from this cert. Actual results: Traceback (most recent call last): File "/usr/share/rhsm/gui/mysubstab.py", line 81, in _on_unsubscribe_prompt_response handle_gui_exception(e, _("There was an error unsubsribing from %s with serial number %s" % (selection['subscription'],serial))) File "/usr/share/rhsm/gui/utils.py", line 61, in handle_gui_exception errorWindow(msg % linkify(e.msg)) then in log file: 2011-03-29 09:04:14,472 [ERROR] handle_gui_exception() @utils.py:46 - access denied. Traceback (most recent call last): File "/usr/share/rhsm/gui/mysubstab.py", line 79, in _on_unsubscribe_prompt_response self.backend.uep.unbindBySerial(self.consumer.uuid, serial) File "/usr/lib/python2.6/site-packages/rhsm/connection.py", line 401, in unbindBySerial return self.conn.request_delete(method) File "/usr/lib/python2.6/site-packages/rhsm/connection.py", line 212, in request_delete return self._request("DELETE", method) File "/usr/lib/python2.6/site-packages/rhsm/connection.py", line 178, in _request self.validateResponse(result) File "/usr/lib/python2.6/site-packages/rhsm/connection.py", line 197, in validateResponse parsed['displayMessage']) Expected results: The cert is unsubscribed from and removed from my system.
commit 6a8ae0a4e03b87c3c279b079a6e1622bc57d8752 Author: Adrian Likins <alikins> Date: Wed Mar 30 11:32:55 2011 -0400 691784: unsubscribing a imported cert was causing an uncaught exception Trying to pass a string to "linkify" that didn't need formatting, so specify that. This seems to fix this for me. It doesn't feel like it's the complete fix, but I can't reproduce it with the patch. Is there a 404 logged?
Created attachment 489123 [details] new error Well, now I'm getting a different error (see attached and below). Note that I don't have insecure set to false in my rhsm.conf. 2011-03-31 11:11:46,682 [INFO] _request() @connection.py:147 - loading ca pem certificates from: /etc/rhsm/ca/ 2011-03-31 11:11:46,682 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/fakamai-cp1.pem' 2011-03-31 11:11:46,687 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/mgmt5.pem' 2011-03-31 11:11:46,688 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/candlepin-stage.pem' 2011-03-31 11:11:46,689 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/mgmt4-candlepin-ca.pem' 2011-03-31 11:11:46,689 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/redhat-uep.pem' 2011-03-31 11:11:46,690 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/mgmt4.pem' 2011-03-31 11:11:46,691 [INFO] _request() @connection.py:149 - work in insecure mode ?:False 2011-03-31 11:11:46,805 [ERROR] handle_gui_exception() @utils.py:46 - sslv3 alert certificate unknown Traceback (most recent call last): File "/usr/share/rhsm/gui/mysubstab.py", line 79, in _on_unsubscribe_prompt_response self.backend.uep.unbindBySerial(self.consumer.uuid, serial) File "/usr/lib/python2.6/site-packages/rhsm/connection.py", line 401, in unbindBySerial return self.conn.request_delete(method) File "/usr/lib/python2.6/site-packages/rhsm/connection.py", line 212, in request_delete return self._request("DELETE", method) File "/usr/lib/python2.6/site-packages/rhsm/connection.py", line 169, in _request headers=self.headers) File "/usr/lib64/python2.6/httplib.py", line 910, in request self._send_request(method, url, body, headers) File "/usr/lib64/python2.6/httplib.py", line 947, in _send_request self.endheaders() File "/usr/lib64/python2.6/httplib.py", line 904, in endheaders self._send_output() File "/usr/lib64/python2.6/httplib.py", line 776, in _send_output self.send(msg) File "/usr/lib64/python2.6/httplib.py", line 735, in send self.connect() File "/usr/lib64/python2.6/site-packages/M2Crypto/httpslib.py", line 50, in connect self.sock.connect((self.host, self.port)) File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line 185, in connect ret = self.connect_ssl() File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line 178, in connect_ssl return m2.ssl_connect(self.ssl, self._timeout) SSLError: sslv3 alert certificate unknown 2011-03-31 11:11:46,848 [INFO] _request() @connection.py:147 - loading ca pem certificates from: /etc/rhsm/ca/ 2011-03-31 11:11:46,849 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/fakamai-cp1.pem' 2011-03-31 11:11:46,849 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/mgmt5.pem' 2011-03-31 11:11:46,850 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/candlepin-stage.pem' 2011-03-31 11:11:46,851 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/mgmt4-candlepin-ca.pem' 2011-03-31 11:11:46,851 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/redhat-uep.pem' 2011-03-31 11:11:46,853 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/mgmt4.pem' 2011-03-31 11:11:46,854 [INFO] _request() @connection.py:149 - work in insecure mode ?:False
Looks like i needed to restart the gui before changing the insecure mode (though shouldn't I be able to unsubscribe anyway?) Either way, I get this now: 2011-03-31 13:19:24,889 [INFO] _request() @connection.py:177 - status code: 404 2011-03-31 13:19:24,890 [ERROR] handle_gui_exception() @utils.py:46 - Entitlement Certificate with serial number 1130158376562749 could not be found. Traceback (most recent call last): File "/usr/share/rhsm/gui/mysubstab.py", line 79, in _on_unsubscribe_prompt_response self.backend.uep.unbindBySerial(self.consumer.uuid, serial) File "/usr/lib/python2.6/site-packages/rhsm/connection.py", line 401, in unbindBySerial return self.conn.request_delete(method) File "/usr/lib/python2.6/site-packages/rhsm/connection.py", line 212, in request_delete return self._request("DELETE", method) File "/usr/lib/python2.6/site-packages/rhsm/connection.py", line 178, in _request self.validateResponse(result) File "/usr/lib/python2.6/site-packages/rhsm/connection.py", line 197, in validateResponse parsed['displayMessage']) RestlibException: Entitlement Certificate with serial number 1130158376562749 could not be found.
for the subscription unsubscribed in comment #4, was that a cert candlepin would know was associated with that consumer (say, via rhsm-web) or was it just pull another run of subscription-manager that subscribed to that product. For me, I get that error dialog, and the same message in the log, but that's because I'm trying to unsubscribe from a subscription the candlepin server knows nothing about.
For the unregsitered case, I get something like: an error dialog with "Unable to verify server's identity: system lib" and in the logs: 2011-04-07 11:44:45,341 [ERROR] @utils.py:45 - system lib Traceback (most recent call last): File "/home/adrian/src/subscription-manager/src/subscription_manager/gui/mysubstab.py", line 80, in _on_unsubscribe_prompt_response self.backend.uep.unbindBySerial(self.consumer.uuid, serial) File "/usr/lib/python2.7/site-packages/rhsm-0.96.2-py2.7.egg/rhsm/connection.py", line 401, in unbindBySerial return self.conn.request_delete(method) File "/usr/lib/python2.7/site-packages/rhsm-0.96.2-py2.7.egg/rhsm/connection.py", line 212, in request_delete return self._request("DELETE", method) File "/usr/lib/python2.7/site-packages/rhsm-0.96.2-py2.7.egg/rhsm/connection.py", line 153, in _request context.load_cert(self.cert_file, keyfile=self.key_file) File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Context.py", line 76, in load_cert m2.ssl_ctx_use_cert(self.ctx, certfile) SSLError: system lib and on the console: Traceback (most recent call last): File "/home/adrian/src/subscription-manager/src/subscription_manager/gui/mysubstab.py", line 84, in _on_unsubscribe_prompt_response self.backend.certlib.update() File "/home/adrian/src/subscription-manager/src/subscription_manager/certlib.py", line 60, in update return action.perform() File "/home/adrian/src/subscription-manager/src/subscription_manager/certlib.py", line 132, in perform expected = self.getExpected(report) File "/home/adrian/src/subscription-manager/src/subscription_manager/certlib.py", line 189, in getExpected exp = self.getCertificateSerialsList() File "/home/adrian/src/subscription-manager/src/subscription_manager/certlib.py", line 182, in getCertificateSerialsList reply = self.uep.getCertificateSerials(self._getConsumerId()) File "/home/adrian/src/subscription-manager/src/subscription_manager/certlib.py", line 178, in _getConsumerId raise Disconnected() subscription_manager.certlib.Disconnected
commit b2fb5ec07f25652aa38e3e31152b9ad3ddb6165a Author: Adrian Likins <alikins> Date: Thu Apr 7 15:50:19 2011 -0400 691784: Fix handling of unsubscribing imported certs while unregistered The core of the bugfix is in mysubstab._on_unsubscribe_prompt_response. We don't try to unbindBySerial if we are not registered (via new managerGui.Backend.is_registered()). We also try/except around the update to catch the Disconnected exception if well, we are disconnected. We also change the store serial type to long, so the cert lookup works correctly. we also remove some unused code from certlib/certmgr (the *add) code and refactor certlib.delete to expect an array of longs, not a var arg. in master, fix chksum is f2cd16f571cd2a05f05b7e914c28d5b5d41adef9
The unregistered case now works. When registered to an incorrect server for the cert, the error message crashes on the RHEL6 branch: handle_gui_exception(e, _("There was an error unsubsribing from %s with serial number %s" % (selection['subscription'],serial)), formatMsg=False) TypeError: handle_gui_exception() got an unexpected keyword argument 'formatMsg' Traceback (most recent call last): File "/usr/share/rhsm/gui/mysubstab.py", line 83, in _on_unsubscribe_prompt_response handle_gui_exception(e, _("There was an error unsubsribing from %s with serial number %s" % (selection['subscription'],serial)), formatMsg=False) TypeError: handle_gui_exception() got an unexpected keyword argument 'formatMsg'
commit c0d9b0e0cc46946baca899207720c1df348efb32 Author: Adrian Likins <alikins> Date: Wed Feb 23 11:26:58 2011 -0500 691784: Fix a bug when bare strings were passed to handle_gui_exception Add a opt to turn off string substitution in the error msg
*** Bug 695002 has been marked as a duplicate of this bug. ***
The original fix for this caused #695002, so closed it as a dupe.
commit 82cb1bb920e970d9fd7e67ad176149638b77a754 Author: Adrian Likins <alikins> Date: Mon Apr 11 16:09:52 2011 -0400 691784: fix entitlement failure that throws sequence error This is something of an addendum to f2cd16f571cd2a05f05b7e914c28d5b5d41adef9 A touch too much was deleted in that commit.
VERIFYING fix to "addendum" that fixes bug 695002... [root@jsefler-onprem-server tmp]# rpm -qa | grep subscription-manager subscription-manager-firstboot-0.95.8-1.el6.x86_64 subscription-manager-0.95.8-1.el6.x86_64 subscription-manager-gnome-0.95.8-1.el6.x86_64 [root@jsefler-onprem-server tmp]# subscription-manager register --username=qa Password: f7434e22-07a0-4446-b6ae-621262daf1ff jsefler-onprem-server.usersys.redhat.com [root@jsefler-onprem-server tmp]# subscription-manager list --avail +-------------------------------------------+ Available Subscriptions +-------------------------------------------+ ProductName: Red Hat Employee Subscription ProductId: SYS0395 PoolId: 8a85f9812ede00af012edf01c88c5ce0 Quantity: 18 Expires: 2011-10-04 ProductName: Red Hat Employee Subscription ProductId: SYS0395 PoolId: 8a85f9812ede00af012edf01c8965ceb Quantity: unlimited Expires: 2011-10-04 ProductName: Red Hat Employee Subscription ProductId: SYS0395 PoolId: 8a85f9812ede00af012edf01c89f5cf9 Quantity: 9994 Expires: 2011-10-07 ProductName: Red Hat Employee Subscription ProductId: SYS0395 PoolId: 8a85f9812ede00af012edf01c8a65d04 Quantity: unlimited Expires: 2011-10-07 [root@jsefler-onprem-server tmp]# subscription-manager subscribe --pool=8a85f9812ede00af012edf01c8a65d04 [root@jsefler-onprem-server tmp]# subscription-manager unsubscribe --all [root@jsefler-onprem-server tmp]# subscription-manager subscribe --auto Installed Products: Red Hat Enterprise Linux 6 for Premium Architectures - Not Installed Red Hat Enterprise Linux 6 for Scientific Computing - Not Installed Red Hat Enterprise Linux 6 Desktop - Not Installed Red Hat Enterprise Linux Load Balancer (for RHEL 6 Server) - Subscribed Red Hat Enterprise Linux 6 for Mainframe - Not Installed Red Hat Enterprise Linux 6 Workstation - Not Installed Red Hat Enterprise Linux Scalable File System (for RHEL 6 Server) - Subscribed Red Hat Enterprise Linux 6 Server - Subscribed Red Hat Enterprise Linux Resilient Storage (for RHEL 6 Server) - Subscribed Red Hat Enterprise Linux High Availability (for RHEL 6 Server) - Subscribed Load Balancing Bits - Not Subscribed Awesome OS Server Bits - Not Subscribed Clustering Bits - Not Subscribed Awesome OS Modifier Bits - Not Subscribed Awesome OS Scalable Filesystem Bits - Not Subscribed Large File Support Bits - Not Subscribed Awesome OS Developer Bits - Not Subscribed Awesome OS for S390X Bits - Not Subscribed Awesome OS Developer Basic - Not Subscribed Multiplier Product Bits - Not Subscribed Management Bits - Not Subscribed Awesome OS Workstation Bits - Not Subscribed Awesome OS Premium Architecture Bits - Not Subscribed Shared Storage Bits - Not Subscribed [root@jsefler-onprem-server tmp]# ^^ fixed, no -sequence error
Created attachment 491851 [details] unsub See attached screenshot. Even though the error is encountered, it successfully removes the cert. python-rhsm-0.95.6-1.git.0.b36d0a5.el6.noarch subscription-manager-firstboot-0.95.8-1.git.0.9c92e14.el6.x86_64 subscription-manager-gnome-0.95.8-1.git.0.9c92e14.el6.x86_64 subscription-manager-0.95.8-1.git.0.9c92e14.el6.x86_64 Moving to VERIFIED.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2011-0611.html