Bug 739625 - spacewalk-repo-sync doesn't work over SSL & IPv6 correctly
spacewalk-repo-sync doesn't work over SSL & IPv6 correctly
Status: CLOSED CURRENTRELEASE
Product: Spacewalk
Classification: Community
Component: Server (Show other bugs)
1.6
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Milan Zazrivec
Lukas Pramuk
:
Depends On: 742914 761596
Blocks: spaceIPv6 878049 space19
  Show dependency treegraph
 
Reported: 2011-09-19 12:22 EDT by Miroslav Suchý
Modified: 2013-03-06 13:35 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 878049 (view as bug list)
Environment:
Last Closed: 2013-03-06 13:35:01 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Miroslav Suchý 2011-09-19 12:22:40 EDT
Description of problem:
spacewalk-repo-sync doesn't work over SSL & IPv6 correctly
        it seems to work all right over SSL & IPv4
        it seems to work all right over IPv6 without SSL
        fix not available, most likely a low level pycurl / libcurl issue 

When it has to comunicate over SSL in IPv6 only network it end up with this traceback:

# spacewalk-repo-sync -cspacewalk
Traceback (most recent call last):
  File "/usr/bin/spacewalk-repo-sync", line 70, in ?
    sys.exit(abs(main() or 0))
  File "/usr/bin/spacewalk-repo-sync", line 64, in main
    sync.main()
  File "/usr/lib/python2.4/site-packages/spacewalk/satellite_tools/reposync.py", line 120, in main
    self.import_packages(plugin, url)
  File "/usr/lib/python2.4/site-packages/spacewalk/satellite_tools/reposync.py", line 325, in import_packages
    packages = plug.list_packages(self.filters)
  File "/usr/lib/python2.4/site-packages/spacewalk/satellite_tools/repo_plugins/yum_src.py", line 118, in list_packages
    sack.populate(self.repo, 'metadata', None, 0)
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 168, in populate
    if self._check_db_version(repo, mydbtype):
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 226, in _check_db_version
    return repo._check_db_version(mdtype)
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1226, in _check_db_version
    repoXML = self.repoXML
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1399, in <lambda>
    repoXML = property(fget=lambda self: self._getRepoXML(),
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1395, in _getRepoXML
    raise Errors.RepoError, msg
yum.Errors.RepoError: Cannot retrieve repository metadata (repomd.xml) for repository: spacewalk. Please verify its path and try again
Comment 1 Miroslav Suchý 2011-09-20 04:20:39 EDT
Note to myself: from the traceback it is not directly visible but the exception is raised at:
 /usr/lib/python2.4/site-packages/yum/yumRepo.py +814
in function _getFile()
by line:
 result = self.grab.urlgrab(misc.to_utf8(relative), local,
Comment 2 Miroslav Suchý 2011-09-20 05:10:32 EDT
The error is raised at
  /usr/lib/python2.4/site-packages/urlgrabber/grabber.py +1202
in function _make_request() on line:
 fo = opener.open(req)

(Pdb) opener.open(req)
*** URLError: <urlopen error (-3, 'Temporary failure in name resolution')>
(Pdb) opener
<urllib2.OpenerDirector instance at 0x115e2878>
(Pdb) req
<urllib2.Request instance at 0x115e4fc8>
(Pdb) req.get_full_url()
'https://xn--ufuk-xpa16d5h.lab.eng.brq.redhat.com/pub/repo/repodata/repomd.xml'

Strange thing is stat:
(Pdb) o=urllib2.OpenerDirector()
(Pdb) o.open('https://xn--ufuk-xpa16d5h.lab.eng.brq.redhat.com/pub/repo/repodata/repomd.xml')
does not raise exception.
Comment 3 Miroslav Suchý 2011-09-20 05:44:52 EDT
/usr/lib/python2.4/site-packages/urlgrabber/grabber.py +1075
while 
(Pdb) opener.open(req)
*** URLError: <urlopen error (-3, 'Temporary failure in name resolution')>
fail, the pure:
(Pdb) o=urllib2.OpenerDirector()
(Pdb) o.open(req)
does not fail.
Is the problem in opener?
Comment 6 Miroslav Suchý 2011-10-03 08:16:10 EDT
This is problem in m2crypto (or it can be workarounded in urlgrabber). See bug 742914
Comment 8 Jan Pazdziora 2012-06-22 07:00:14 EDT
With RHEL 6.3 released, moving ON_QA.
Comment 9 Lukas Pramuk 2012-08-02 11:39:39 EDT
Failed to verify with version m2crypto-0.20.2-9.el6

# curl -k https://kvm11.virtual/myrepo/
<!DOCTYPE HTML PUBLIC...

# spacewalk-repo-sync -c myrepo -u http://kvm11.virtual/myrepo/
Repo URL: http://kvm11.virtual/myrepo/
Packages in repo:                 3
Packages already synced:          0
Packages to sync:                 3
1/3 : libxml2-python-2.7.6-4.el6_2.4-0.x86_64
2/3 : rhnlib-2.5.22-12.el6-0.noarch
3/3 : pyOpenSSL-0.10-2.el6-0.x86_64
Repo http://kvm11.virtual/myrepo/ has 0 errata.
Sync completed.
Total time: 0:00:00

# spacewalk-repo-sync -c myrepo -u https://kvm11.virtual/myrepo/
Traceback (most recent call last):
  File "/usr/bin/spacewalk-repo-sync", line 100, in <module>
    sys.exit(abs(main() or 0))
  File "/usr/bin/spacewalk-repo-sync", line 93, in main
    sync.sync()
  File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/reposync.py", line 100, in sync
    self.import_packages(plugin, repo_id, url)
  File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/reposync.py", line 303, in import_packages
    packages = plug.list_packages(filters)
  File "/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/repo_plugins/yum_src.py", line 151, in list_packages
    self.sack.populate(self.repo, 'metadata', None, 0)
  File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 165, in populate
    if self._check_db_version(repo, mydbtype):
  File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 223, in _check_db_version
    return repo._check_db_version(mdtype)
  File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 1256, in _check_db_version
    repoXML = self.repoXML
  File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 1455, in <lambda>
    repoXML = property(fget=lambda self: self._getRepoXML(),
  File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 1451, in _getRepoXML
    raise Errors.RepoError, msg
yum.Errors.RepoError: Cannot retrieve repository metadata (repomd.xml) for repository: myrepo. Please verify its path and try again
Comment 10 Milan Zazrivec 2012-12-19 04:59:43 EST
I'm confirming traceback from comment #9, but it is not caused by a bug
in our code. The traceback shown is just the following error from urlgrabber 
disguised as a yum exception:

'Peer certificate cannot be authenticated with known CA certificates'

The thing is going to work correctly with latest spacewalk-backend as long
as you set ssl* directives in /etc/rhn/spacewalk-repo-sync/yum.conf correctly.

All verified with m2crypto-0.20.2-9.el6 and m2crypto-0.16-9.el5.x86_64.
Comment 11 Stephen Herr 2013-03-06 13:35:01 EST
Spacewalk 1.9 has been released.

https://fedorahosted.org/spacewalk/wiki/ReleaseNotes19

Note You need to log in before you can comment on or make changes to this bug.