Hide Forgot
Description of problem: I've never seen this problem and I don't know how my onpremises candlepin (branch 0.2) server with the TESTDATA deployed got into this state, but here's what I'm seeing... On the client, I get a failure and a traceback in rhsm.log when I subscribe. For example: [root@jsefler-onprem-server ~]# subscription-manager subscribe --pool=8a90f8b42f386fd8012f387092a40138 Entitlement Certificate(s) update failed due to the following reasons: - sequence [root@jsefler-onprem-server ~]# [root@jsefler-onprem-server ~]# tail -f /var/log/rhsm/rhsm.log 2011-04-09 09:20:46,003 [INFO] __init__() @connection.py:298 - Using certificate authentication: key = /etc/pki/consumer/key.pem, cert = /etc/pki/consumer/cert.pem, ca = /etc/rhsm/ca/, insecure = False 2011-04-09 09:20:46,003 [INFO] __init__() @connection.py:301 - Connection Established: host: jsefler-f14-candlepin.usersys.redhat.com, port: 8443, handler: /candlepin 2011-04-09 09:20:46,117 [DEBUG] __init__() @certlib.py:633 - Sorting product and entitlement cert status for: 2011-04-09 09:20:46.117415 2011-04-09 09:20:46,147 [DEBUG] _populate_all_products() @certlib.py:651 - Installed product IDs: ['1', '1144', '100000000000000', '83', '27060', '37062', '37090', '917571', '90', '37069', '37068', '37080', '37065', '69', '37067', '92', '37060', '37070', '85'] 2011-04-09 09:20:46,147 [DEBUG] __init__() @certlib.py:642 - valid entitled products: [] 2011-04-09 09:20:46,148 [DEBUG] __init__() @certlib.py:643 - expired entitled products: [] 2011-04-09 09:20:46,149 [INFO] _request() @connection.py:147 - loading ca pem certificates from: /etc/rhsm/ca/ 2011-04-09 09:20:46,150 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/redhat-uep.pem' 2011-04-09 09:20:46,150 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/jsefler-f14-candlepin.pem' 2011-04-09 09:20:46,151 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/fakamai-cp1.pem' 2011-04-09 09:20:46,151 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/candlepin-stage.pem' 2011-04-09 09:20:46,152 [INFO] _request() @connection.py:149 - work in insecure mode ?:False 2011-04-09 09:20:46,421 [INFO] _request() @connection.py:177 - status code: 200 2011-04-09 09:20:46,422 [INFO] _do_command() @managercli.py:551 - Info: Successfully subscribed the machine the Entitlement Pool 8a90f8b42f386fd8012f387092a40138 2011-04-09 09:20:46,425 [INFO] _request() @connection.py:147 - loading ca pem certificates from: /etc/rhsm/ca/ 2011-04-09 09:20:46,425 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/redhat-uep.pem' 2011-04-09 09:20:46,426 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/jsefler-f14-candlepin.pem' 2011-04-09 09:20:46,426 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/fakamai-cp1.pem' 2011-04-09 09:20:46,426 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/candlepin-stage.pem' 2011-04-09 09:20:46,427 [INFO] _request() @connection.py:149 - work in insecure mode ?:False 2011-04-09 09:20:46,520 [INFO] _request() @connection.py:177 - status code: 200 2011-04-09 09:20:46,524 [INFO] _request() @connection.py:147 - loading ca pem certificates from: /etc/rhsm/ca/ 2011-04-09 09:20:46,524 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/redhat-uep.pem' 2011-04-09 09:20:46,525 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/jsefler-f14-candlepin.pem' 2011-04-09 09:20:46,526 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/fakamai-cp1.pem' 2011-04-09 09:20:46,527 [INFO] _load_ca_certificates() @connection.py:134 - loading ca certificate '/etc/rhsm/ca/candlepin-stage.pem' 2011-04-09 09:20:46,527 [INFO] _request() @connection.py:149 - work in insecure mode ?:False 2011-04-09 09:20:46,606 [INFO] _request() @connection.py:177 - status code: 200 2011-04-09 09:20:46,609 [ERROR] install() @certlib.py:201 - iteration over non-sequence Traceback (most recent call last): File "/usr/share/rhsm/certlib.py", line 197, in install key, cert = self.build(bundle) TypeError: iteration over non-sequence 2011-04-09 09:20:46,611 [ERROR] install() @certlib.py:205 - Bundle not loaded: {'updated': '2011-04-09T13:20:46.245+0000', 'created': '2011-04-09T13:20:46.245+0000', 'cert': '-----BEGIN CERTIFICATE-----\nMIIJlTCCCP6gAwIBAgIIU+mFFwNaG2YwDQYJKoZIhvcNAQEFBQAwUjExMC8GA1UE\nAwwoanNlZmxlci1mMTQtY2FuZGxlcGluLnVzZXJzeXMucmVkaGF0LmNvbTELMAkG\nA1UEBhMCVVMxEDAOBgNVBAcMB1JhbGVpZ2gwHhcNMTEwMzA4MDUwMDAwWhcNMTIw\nNDA4MDAwMDAwWjArMSkwJwYDVQQDDCA4YTkwZjhiNDJmMzg2ZmQ4MDEyZjNhNmJm\nYzk3MTdlNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMC8oV8hFc7J\nkw7Ul9V7a6hc0qGJzgpfFT6uy8dxIUpCrYCYNpcTitfcBEroGYOTPGfuA/25itR1\nYJonWi0s/eL/Gvd0Fzp7dlm1l5m9JjKYyC3BWgQn+tLFqARmMgPoC0vw8WdeaED9\neb6meqLGExQG55zVO9ZK7swGyMueGEOhdjxh0sbeGV018ifLtFXiH0vgaaoBe60K\nRr0k1M17zMkKNk+2by5pXLfEuPBh9vADXIrXYYo8ggHAsueZFwDbmVmts7rYbbA6\naKiYqpbSbX7nRBadweWihN+RtV9AFS56xJrbwTgrsoRTz/4paa8lVwildpFvA74w\n8ytGCvLMR3cCAwEAAaOCBxUwggcRMBEGCWCGSAGG+EIBAQQEAwIFoDALBgNVHQ8E\nBAMCBLAwgYIGA1UdIwR7MHmAFEQGCLDRq+4nYjfr1RObpu/qd1x3oVakVDBSMTEw\nLwYDVQQDDChqc2VmbGVyLWYxNC1jYW5kbGVwaW4udXNlcnN5cy5yZWRoYXQuY29t\nMQswCQYDVQQGEwJVUzEQMA4GA1UEBwwHUmFsZWlnaIIJAJQy7xaOTAETMB0GA1Ud\nDgQWBBTQOxyKyo87TUu/afaKkaM5ixX1ujATBgNVHSUEDDAKBggrBgEFBQcDAjAp\nBg0rBgEEAZIICQGCoUQBBBgMFkF3ZXNvbWUgT1MgU2VydmVyIEJpdHMwFAYLKwYB\nBAGSCAkCAgEEBQwDeXVtMCAGDCsGAQQBkggJAgIBAQQQDA50YWdnZWQtY29udGVu\ndDAgBgwrBgEEAZIICQICAQIEEAwOdGFnZ2VkLWNvbnRlbnQwHQYMKwYBBAGSCAkC\nAgEFBA0MC3Rlc3QtdmVuZG9yMCIGDCsGAQQBkggJAgIBBgQSDBAvZm9vL3BhdGgv\nYWx3YXlzMCYGDCsGAQQBkggJAgIBBwQWDBQvZm9vL3BhdGgvYWx3YXlzL2dwZzAT\nBgwrBgEEAZIICQICAQQEAwwBMDATBgwrBgEEAZIICQICAQMEAwwBMDATBgwrBgEE\nAZIICQICAQgEAwwBMTAbBgwrBgEEAZIICQICAQoECwwJVEFHMSxUQUcyMBQGCysG\nAQQBkggJAgEBBAUMA3l1bTAoBgwrBgEEAZIICQIBAQEEGAwWYWx3YXlzLWVuYWJs\nZWQtY29udGVudDAoBgwrBgEEAZIICQIBAQIEGAwWYWx3YXlzLWVuYWJsZWQtY29u\ndGVudDAdBgwrBgEEAZIICQIBAQUEDQwLdGVzdC12ZW5kb3IwIgYMKwYBBAGSCAkC\nAQEGBBIMEC9mb28vcGF0aC9hbHdheXMwJgYMKwYBBAGSCAkCAQEHBBYMFC9mb28v\ncGF0aC9hbHdheXMvZ3BnMBMGDCsGAQQBkggJAgEBBAQDDAEwMBMGDCsGAQQBkggJ\nAgEBAwQDDAEwMBMGDCsGAQQBkggJAgEBCAQDDAExMBUGDCsGAQQBkggJAgEBCQQF\nDAMyMDAwFAYLKwYBBAGSCAkCAAEEBQwDeXVtMCcGDCsGAQQBkggJAgABAQQXDBVu\nZXZlci1lbmFibGVkLWNvbnRlbnQwJwYMKwYBBAGSCAkCAAECBBcMFW5ldmVyLWVu\nYWJsZWQtY29udGVudDAdBgwrBgEEAZIICQIAAQUEDQwLdGVzdC12ZW5kb3IwIQYM\nKwYBBAGSCAkCAAEGBBEMDy9mb28vcGF0aC9uZXZlcjAlBgwrBgEEAZIICQIAAQcE\nFQwTL2Zvby9wYXRoL25ldmVyL2dwZzATBgwrBgEEAZIICQIAAQQEAwwBMDATBgwr\nBgEEAZIICQIAAQMEAwwBMDATBgwrBgEEAZIICQIAAQgEAwwBMDAVBgwrBgEEAZII\nCQIAAQkEBQwDNjAwMBUGDCsGAQQBkggJAohXAQQFDAN5dW0wGgYNKwYBBAGSCAkC\niFcBAQQJDAdjb250ZW50MCAGDSsGAQQBkggJAohXAQIEDwwNY29udGVudC1sYWJl\nbDAeBg0rBgEEAZIICQKIVwEFBA0MC3Rlc3QtdmVuZG9yMBwGDSsGAQQBkggJAohX\nAQYECwwJL2Zvby9wYXRoMCEGDSsGAQQBkggJAohXAQcEEAwOL2Zvby9wYXRoL2dw\nZy8wFAYNKwYBBAGSCAkCiFcBBAQDDAEwMBQGDSsGAQQBkggJAohXAQMEAwwBMDAU\nBg0rBgEEAZIICQKIVwEIBAMMATEwFAYNKwYBBAGSCAkCiFcBCQQDDAEwMDYGCisG\nAQQBkggJBAEEKAwmQXdlc29tZSBPUyB3aXRoIHVwIHRvIDQgdmlydHVhbCBndWVz\ndHMwMAYKKwYBBAGSCAkEAgQiDCA4YTkwZjhiNDJmMzg2ZmQ4MDEyZjM4NzA4OTA4\nMDEwNTAgBgorBgEEAZIICQQDBBIMEGF3ZXNvbWVvcy12aXJ0LTQwEgYKKwYBBAGS\nCAkEBQQEDAIxMDAkBgorBgEEAZIICQQGBBYMFDIwMTEtMDMtMDhUMDU6MDA6MDBa\nMCQGCisGAQQBkggJBAcEFgwUMjAxMi0wNC0wOFQwMDowMDowMFowEQYKKwYBBAGS\nCAkEDAQDDAEwMBIGCisGAQQBkggJBAoEBAwCNDAwGwYKKwYBBAGSCAkEDQQNDAsx\nMjMzMTEzMTIzMTARBgorBgEEAZIICQQOBAMMATAwEQYKKwYBBAGSCAkECwQDDAEx\nMDQGCisGAQQBkggJBQEEJgwkODQ1YzI1OGYtNGZjNC00ZWE2LWIzNmEtOTU4MWUy\nNmVhNTVmMA0GCSqGSIb3DQEBBQUAA4GBAHk2bxB/zTQuGlXXOGJcYEOTyMISh+79\nGdppjjBpMrzpymy6I7xAjzf6EZaa6aYEVc75RwEgNh8cg9wytsPI1TxK4N/lK3iL\nyyzvXN5OO83p1a3AZXmwZgE4uJlH+Qbc+o+cByu/K5vLVztP8HRy8acZ6I0OoLau\nPDEvcDPVGRZO\n-----END CERTIFICATE-----\n', 'key': '-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAwLyhXyEVzsmTDtSX1XtrqFzSoYnOCl8VPq7Lx3EhSkKtgJg2\nlxOK19wESugZg5M8Z+4D/bmK1HVgmidaLSz94v8a93QXOnt2WbWXmb0mMpjILcFa\nBCf60sWoBGYyA+gLS/DxZ15oQP15vqZ6osYTFAbnnNU71kruzAbIy54YQ6F2PGHS\nxt4ZXTXyJ8u0VeIfS+BpqgF7rQpGvSTUzXvMyQo2T7ZvLmlct8S48GH28ANcitdh\nijyCAcCy55kXANuZWa2zuthtsDpoqJiqltJtfudEFp3B5aKE35G1X0AVLnrEmtvB\nOCuyhFPP/ilpryVXCKV2kW8DvjDzK0YK8sxHdwIDAQABAoIBAChuaZu/IQgEGSlf\nR4qtHWRwNG9WrTZXw+kmWfE4tjcRzbvQMoN2wgWOTgg4sEF9vYo/z+6F4a24Ac/U\nuYIIkinwQgPvAoBuLeGbynWhzEWI71VJ3kxI5sEYXaqulYdkQhpoLPv2PgCEK+nm\nmotS6eWlnSi1Qpwtk/KQ6cZtH8Hv2vRsBPrQJOeOUUyEl3sMY3SWS/vkESSvl3Lx\nnj77TKsQXFdoIQaiFgAsfsJ/5ghGuAedhyCyWStRxrvdKh89rEyQ0T2gWq6pa7DF\niWPG/Ho9zJGRKnuJ5kjuZQD6OoL8ZIHxEwV8+MLnG25PfOFqlxMahGOkeKgiaN+Q\nohDfHWECgYEA/5r7yeqlxHfPDy3jFuQqZtZsBfk7WNA2BR0B5RT7kQBoBNptG8GU\n7ACl86tnw1ibc6WZhu1yivVoomLRkNDFx5te+1XbfQuncCYiyIsSsT1OALIP/Fet\nYWM9tC5WbCnrmgc2CwIx3sym4yuTwO8NF0vYGQlEZPekL13tZOMo/aMCgYEAwQjN\nBO8xQs1bsruH3GO3mXSaSnluhjWsoOrS2Cw4NuX1/475eLCgXU645Z0w3NCYZJG3\nbz1/OSiXyMKtV+0NyJ1dbzTEeckRsq19N3Q+DgQujOt8V3RnEIOdaM80YHK9p0sS\nJFMGTGIYqMru1MDZcz+j4zCOy4dnuk5S4hEbBB0CgYBLQPcGoKYDbP6ySmFEmRJ+\nynxtWc6GPG7bHIo1RvM14re9Tg23kUvmG97AGePn2IuUBdpopjoF/XC79noat8yz\nEuRo/QMtEqROWXv+LSvosNLpU4NvWOT7+jrtdIMPP1xVMfBQV2oVXY147piGwhrJ\nlBPgcyEG1P4qz+2XuWWVHwKBgGvik1MyrAF97MYT8XbHdJGbjbAZ9h+kV/sHwxd2\nf2SPWdGfAublMHt1x/jsxaZkHwf2OOM/J5+2hD58L414u79n1BSXFUhLjEykkdsw\naI5E4A96fWATepbMOGmfhNJyznR1jIoorNh76vRLlvfpYJ787ofHV8eAwgRqSgB3\nNvYxAoGBANx/ycpZ97s1KL7d80QikX22yHnSO2bfDr6QixsjmBnjPzZowMG5qyB6\ntUYES0CoZgCZn1QE7y7suek3egnfECBRkXAY8rhYF1qw33np2zIC3ARvQjmYpelj\n4SScUshF6HKhycChuZjTOZAx5B1YUIFC4MyM5x6/A79mxIE9ghyA\n-----END RSA PRIVATE KEY-----\n', 'serial': {'updated': '2011-04-09T13:20:46.237+0000', 'revoked': False, 'created': '2011-04-09T13:20:46.237+0000', 'expiration': '2012-04-08T00:00:00.000+0000', 'collected': False, 'serial': 6046510308608580454, 'id': 6046510308608580454}, 'id': '8a90f8b42f386fd8012f3a6bfca517e6'} iteration over non-sequence 2011-04-09 09:20:46,612 [INFO] perform() @certlib.py:109 - certs updated: Total updates: 0 Found (local) serial# [] Expected (UEP) serial# [6046510308608580454] Added (new) <NONE> Deleted (rogue): <NONE> Expired (not deleted): <NONE> Expired (deleted): <NONE> Version-Release number of selected component (if applicable): [root@jsefler-onprem-server ~]# rpm -q subscription-manager python-rhsm subscription-manager-0.95.6-1.git.8.b2fb5ec.el6.x86_64 python-rhsm-0.95.6-1.git.0.b36d0a5.el6.noarch [root@jsefler-f14-candlepin candlepin]# git branch * 0.2 master [root@jsefler-f14-candlepin candlepin]# git show-ref 0.2 f5161b2e7ee085aaa10130f524d05d0cd461e310 refs/heads/0.2 9c13d6bf6d83070bbc78638f6ca3bc1dc5267977 refs/remotes/origin/0.2
Upon reviewing the automated test runs this weekend, I now have two onpremises servers that are running off branch 0.2 and are exhibiting the same "- sequence" error when subscribing. I'm copying dgoodwin on this bug because of the coincidental timing with which he submitted changes for urgent bug 684350 - GET requests with Basic Auth has side effects. I don't believe bug 684350 is related to this bug, but I want to make sure. On the second candlepin server running branch 0.2, here are the automated git pull statements in the log that how what candlepin source might have changed to lead to this error: 201104090003:38.020 - FINE: ssh root.redhat.com cd /root/candlepin; git checkout master; git pull origin master (com.redhat.qe.tools.SSHCommandRunner.run) 201104090003:39.541 - FINE: Stdout: Your branch is ahead of 'origin/master' by 168 commits. Updating 78282a1..b8afe4a Fast-forward proxy/buildfile | 2 + .../fedoraproject/candlepin/auth/Principal.java | 4 + .../candlepin/resource/ConsumerResource.java | 42 +++++++++-- .../resteasy/interceptor/AuthInterceptor.java | 5 +- .../candlepin/resteasy/interceptor/AuthUtil.java | 73 ++++++++++++++++++++ .../candlepin/resteasy/interceptor/BasicAuth.java | 22 +++---- .../resteasy/interceptor/ConsumerAuth.java | 9 +-- .../candlepin/resteasy/interceptor/OAuth.java | 40 ++++++----- .../resteasy/interceptor/TrustedConsumerAuth.java | 4 +- .../resteasy/interceptor/TrustedUserAuth.java | 4 +- .../candlepin/resteasy/interceptor/UserAuth.java | 47 +------------ .../interceptor/BasicAuthViaUserServiceTest.java | 26 +++----- 12 files changed, 164 insertions(+), 114 deletions(-) create mode 100644 proxy/src/main/java/org/fedoraproject/candlepin/resteasy/interceptor/AuthUtil.java (com.redhat.qe.tools.SSHCommandRunner.runCommandAndWait) 201104090003:39.543 - FINE: Stderr: Switched to branch 'master' From git://git.fedorahosted.org/candlepin * branch master -> FETCH_HEAD (com.redhat.qe.tools.SSHCommandRunner.runCommandAndWait) 201104090003:39.544 - FINE: ExitCode: 0 (com.redhat.qe.tools.SSHCommandRunner.runCommandAndWait) 201104090003:39.545 - INFO: Asserted: 0 is present in the list [0] (com.redhat.qe.auto.testng.Assert.pass) 201104090003:39.546 - INFO: Asserted: Stderr from command 'cd /root/candlepin; git checkout master; git pull origin master' contains matches to regex '(Already on|Switched to branch) 'master'', (com.redhat.qe.auto.testng.Assert.pass) 201104090003:39.547 - FINE: Matches: (com.redhat.qe.auto.testng.Assert.assertContainsMatch) 201104090003:39.548 - FINE: Switched to branch 'master' (com.redhat.qe.auto.testng.Assert.assertContainsMatch) 201104090003:39.549 - FINE: ssh root.redhat.com cd /root/candlepin; git checkout 0.2; git pull origin 0.2 (com.redhat.qe.tools.SSHCommandRunner.run) 201104090003:40.647 - FINE: Stdout: Your branch is ahead of 'origin/0.2' by 87 commits. Updating 9063f74..f5161b2 Fast-forward .../fedoraproject/candlepin/auth/Principal.java | 4 ++ .../candlepin/resource/ConsumerResource.java | 42 ++++++++++++++++---- .../candlepin/resteasy/interceptor/BasicAuth.java | 9 ++-- 3 files changed, 42 insertions(+), 13 deletions(-) (com.redhat.qe.tools.SSHCommandRunner.runCommandAndWait) 201104090003:40.648 - FINE: Stderr: Switched to branch '0.2' From git://git.fedorahosted.org/candlepin * branch 0.2 -> FETCH_HEAD
This is a subscription-manager bug, introduced in: commit b2fb5ec07f25652aa38e3e31152b9ad3ddb6165a Author: Adrian Likins <alikins> Date: Thu Apr 7 15:50:19 2011 -0400 691784: Fix handling of unsubscribing imported certs while unregistered The core of the bugfix is in mysubstab._on_unsubscribe_prompt_response. We don't try to unbindBySerial if we are not registered (via new managerGui.Backend.is_registered()). We also try/except around the update to catch the Disconnected exception if well, we are disconnected. We also change the store serial type to long, so the cert lookup works correctly. we also remove some unused code from certlib/certmgr (the *add) code and refactor certlib.delete to expect an array of longs, not a var arg. We need bugs for rhel5 and 6
*** This bug has been marked as a duplicate of bug 691784 ***
Verification for this bug fix against rhel6 is here: https://bugzilla.redhat.com/show_bug.cgi?id=691784#c15