695451 – Func 0.28 fails to find certificates

Bug 695451 - Func 0.28 fails to find certificates

Summary: Func 0.28 fails to find certificates

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	func
Sub Component:
Version:	el5
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Seth Vidal
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-04-11 19:08 UTC by Erinn Looney-Triggs
Modified:	2014-01-21 23:18 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-04-13 17:17:16 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Erinn Looney-Triggs 2011-04-11 19:08:05 UTC

Description of problem:
It appears that func 0.28 requires libvirt which is not an RPM dependency, I am not sure but isn't libvirt part of the virtualization entitlement? It might be a good idea to make that dependency optional so func can be used on systems that are not entitled for virt.

This might be applicable to RHEL 6 as well, only tested for me on 5 though.

Version-Release number of selected component (if applicable):

func-0.28-1.el5

Additional info:
2011-04-11 18:58:42,041 - WARNING - ['Traceback (most recent call last):\n', '  File "/usr/lib/python2.4/site-packages/func/module_loader.py", line 108, in load_modules\n    blip =  __import__("%s%s" % ( mod_dir,mod_imp_name), globals(), locals(), [mod_imp_name])\n', 'ValueError: Empty module name\n']
2011-04-11 18:58:42,047 - WARNING - Import error while loading virt module: No module named libvirt
2011-04-11 18:58:42,047 - WARNING - ['Traceback (most recent call last):\n', '  File "/usr/lib/python2.4/site-packages/func/module_loader.py", line 108, in load_modules\n    blip =  __import__("%s%s" % ( mod_dir,mod_imp_name), globals(), locals(), [mod_imp_name])\n', '  File "/usr/lib/python2.4/site-packages/func/minion/modules/virt.py", line 27, in ?\n    import libvirt\n', 'ImportError: No module named libvirt\n']
2011-04-11 18:58:42,169 - WARNING - Could not load  module
2011-04-11 18:58:42,169 - WARNING - ['Traceback (most recent call last):\n', '  File "/usr/lib/python2.4/site-packages/func/module_loader.py", line 108, in load_modules\n    blip =  __import__("%s%s" % ( mod_dir,mod_imp_name), globals(), locals(), [mod_imp_name])\n', 'ValueError: Empty module name\n']
2011-04-11 18:58:42,846 - INFO - Exception occured: exceptions.IndexError
2011-04-11 18:58:42,846 - INFO - Exception value: list index out of range
2011-04-11 18:58:42,846 - INFO - Exception Info:
  File "/usr/bin/funcd", line 23, in ?
    server.main(sys.argv)
   File "/usr/lib/python2.4/site-packages/func/minion/server.py", line 413, in main
    serve()
   File "/usr/lib/python2.4/site-packages/func/minion/server.py", line 225, in serve
    server = setup_server()
   File "/usr/lib/python2.4/site-packages/func/minion/server.py", line 220, in setup_server
    server = FuncSSLXMLRPCServer((listen_addr, listen_port), config.module_list)
   File "/usr/lib/python2.4/site-packages/func/minion/server.py", line 265, in __init__
    self.cert = func_utils.find_files_by_hostname(hn, self.cm_config.cert_dir, '.cert')[0]

Comment 1 seth vidal 2011-04-11 19:26:35 UTC

func doesn't require it - but if you wish to use the virt module it does.

I believe this is the same as the func 0.24 in epel5 currently.

Comment 2 Erinn Looney-Triggs 2011-04-11 19:30:19 UTC

Well func fails to start in RHEL 5 due to the above errors. Version 0.24 does not.

Comment 3 Greg Swift 2011-04-12 15:28:50 UTC

that is not failing because of the libvirt error.  That is failing because it doesn't have a certificate.

Comment 4 Erinn Looney-Triggs 2011-04-12 16:58:20 UTC

Hey reading to the bottom, who would have thought :). Ok here is what I have, func-0.24 works like a charm on the system, tied in with the master etc, everything works. Upgrade to func 0.28, it no longer works, the client throws the aforementioned error. Now maybe I am missing something here, but it seems like it should start and work. I am able to roll back and the old version works, go forward, it fails.

Comment 5 Greg Swift 2011-04-12 20:45:52 UTC

So this is bash equivalent to what that piece of code is running:

ls $(awk '/^cert_dir/ { print $3}' /etc/certmaster/certmaster.conf)/$(hostname --fqdn).cert

what's interesting is that 3 lines before it it basically does this:

ls $(awk '/^cert_dir/ { print $3}' /etc/certmaster/certmaster.conf)/$(hostname --fqdn).pem

and that works... which means its finding your key, but not your certificate file.

ya know what?  It occurs to me that if you do: 

ls $(awk '/^cert_dir/ { print $3}' /etc/certmaster/certmaster.conf)

you will find the a set of 3 matching files with the extensions: cert, csr, and pem.

then you will find another pair with only the extensions: csr and pem

is that the case?

Comment 6 Erinn Looney-Triggs 2011-04-12 22:39:29 UTC

Here is what I have, I have fqdn.cert, fqdn.csr, and fqdn.pem in /etc/pki/certmaster. The other pair you are talking about don't seem to exist, though there is a ca.cert file in that directory as well. 

-Erinn

Comment 7 Greg Swift 2011-04-13 13:19:32 UTC

hrm... well... then i'm not 100% sure whats going on. you've got the bits that are supposed to be there file wise.

whats the output of when you are on 0.28:

python -c "from func import utils; print utils.get_hostname_by_route()"

Comment 8 seth vidal 2011-04-13 15:04:24 UTC

erinn,
 could you run
 funcd --info

and report the output?

Comment 9 Erinn Looney-Triggs 2011-04-13 17:17:16 UTC

And now with more testing this problem disappears magically. Let's chalk this up to operator issues (the most likely cause of all problems), sorry to waste time. 

-Erinn

Note You need to log in before you can comment on or make changes to this bug.