Description of problem: As in $Summary field; the issue is rhui-manager reports an "unexpected error" instead of giving some reasonable output to the user. See the additional info section for a brief screen log... How reproducible: Always Steps to Reproduce: 1. upload an invalid (banned) RHN certificate 2. add a RHN repository 3. unexpected error Actual results: "unexpected error" message displayed trying to access RHN with an invalid certificate Expected results: Error message displayed that shows what the problem is Additional info: ## Screen log root: DEBUG: RCV: a Loading latest entitled products from Red Hat... An unexpected error has occurred during the last operation. More information can be found in /root/.rhui/rhui.log. ## rhui.log of the error Error retrieving URL [https://cdn.redhat.com//content/beta/rhel/rhui/server/6/listing] Unexpected error caught at the shell level Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/rhui/tools/shell.py", line 86, in safe_listen self.listen(clear=first_run) File "/usr/lib/python2.6/site-packages/rhui/tools/shell.py", line 112, in listen Shell.listen(self) File "/usr/lib/python2.6/site-packages/rhui/common/shell.py", line 186, in listen item.func(*args, **item.kwargs) File "/usr/lib/python2.6/site-packages/rhui/tools/screens/repo.py", line 123, in add self.candidate_repo_manager.translate_entitlements() File "/usr/lib/python2.6/site-packages/rhui/tools/repo_candidates.py", line 64, in translate_entitlements mappings = self.cdn_api.expand_variables(e.download_url, cert.cert_filename) File "/usr/lib/python2.6/site-packages/rhui/tools/cdn_api.py", line 71, in expand_variables mappings = self._translate_next_variable({'' : url}, cert_filename) File "/usr/lib/python2.6/site-packages/rhui/tools/cdn_api.py", line 104, in _translate_next_variable substitutions = self._request_get(listing_url, cert_filename).split('\n') File "/usr/lib/python2.6/site-packages/rhui/tools/cdn_api.py", line 164, in _request_get raise Exception(response.status, response.read()) Exception: (403, '<HTML><HEAD>\n<TITLE>Access Denied</TITLE>\n</HEAD><BODY>\n<H1>Access Denied</H1>\n \nYou don\'t have permission to access "http://cdn.redhat.com/content/beta/rhel/rhui/server/6/listing" on this server.<P>\nReference #18.6d7df5c3.1352290174.1ba92d2\n</BODY>\n</HTML>\n') Connecting to RHUA [rhua.example.com]... Successfully connected to [rhua.example.com] Connecting to RHUA [rhua.example.com]... Successfully connected to [rhua.example.com] Connecting to RHUA [rhua.example.com]... Successfully connected to [rhua.example.com] Connecting to RHUA [rhua.example.com]... Successfully connected to [rhua.example.com] Connecting to RHUA [rhua.example.com]... Successfully connected to [rhua.example.com] Connecting to RHUA [rhua.example.com]... Successfully connected to [rhua.example.com] Connecting to RHUA [rhua.example.com]... Successfully connected to [rhua.example.com] Unexpected error caught at the shell level Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/rhui/tools/shell.py", line 86, in safe_listen self.listen(clear=first_run) File "/usr/lib/python2.6/site-packages/rhui/tools/shell.py", line 112, in listen Shell.listen(self) File "/usr/lib/python2.6/site-packages/rhui/common/shell.py", line 186, in listen item.func(*args, **item.kwargs) File "/usr/lib/python2.6/site-packages/rhui/tools/screens/repo.py", line 318, in delete redhat_selected_repos, custom_selected_repos = render.select_repos(self.prompt, redhat_repos, custom_repos) File "/usr/lib/python2.6/site-packages/rhui/tools/render.py", line 71, in select_repos selected_section_indices = prompt.prompt_multiselect_sectioned_menu(q, sections, section_post_text='', interruptable=True) File "/usr/lib/python2.6/site-packages/rhui/common/prompt.py", line 315, in prompt_multiselect_sectioned_menu selection = self.prompt(q, interruptable=interruptable) File "/usr/lib/python2.6/site-packages/rhui/common/prompt.py", line 446, in prompt answer = self.read(question) File "/usr/lib/python2.6/site-packages/rhui/common/prompt.py", line 467, in read return self.input.readline().rstrip() # rstrip removes the trailing \n IOError: [Errno 5] Input/output error
If to upload an invalid (expired) cert, and then try to create a RH repo, no any error is shown. I expect some meaningful error like 'The entitlement certificate is expired, and needed to be updated to create a RH repo' >> date Thu Oct 2 20:05:53 EDT 2025 in rhui-manager: >> rhui (entitlements) => l Red Hat Entitlements Valid No valid entitlements found. Expired Beta RHEL RHUI Everything 7 Debug Expiration: 12-14-2024 Certificate: good_rhui_cert.pem Beta RHEL RHUI Everything 7 OS Expiration: 12-14-2024 Certificate: good_rhui_cert.pem Beta RHEL RHUI Everything 7 Source Srpms Expiration: 12-14-2024 Certificate: good_rhui_cert.pem .... >> rhui (repo) => a Loading latest entitled products from Red Hat... ... listings loaded Determining undeployed products... ... product list calculated All entitled products are currently deployed in the RHUI. >> rhui (repo)
with banned certificate: >> rhui (repo) => a Loading latest entitled products from Red Hat... ... listings loaded The following errors occurred while loading the listings: Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/beta/rhel/rhui/server/6/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/beta/rhel/rhui/server/5/5Server/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/eus/rhel/rhui/server/5/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/dist/rhes/rhui/vsa/1.0/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/beta/rhel/rhui/server/5/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/eus/rhel/rhui/server/6/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/dist/rhs/rhui/server/2.1/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/beta/rhel/rhui/server/7/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/dist/rhel/rhui/server/7/7Server/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/beta/rhel/rhui/everything/7/x86_64/os/CONTAINER_REGISTRY_LISTING. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/beta/rhel/rhui/everything/7/x86_64/debug/CONTAINER_REGISTRY_LISTING. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/beta/rhel/rhui/everything/7/x86_64/source/SRPMS/CONTAINER_REGISTRY_LISTING. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/dist/rhel/rhui/server/7/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/dist/rhel/rhui/server/6/6Server/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/dist/rhs/rhui/server/2.0/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/dist/rhel/rhui/server/5/5Server/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/dist/rhel/rhui/server/5/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/dist/rhel/rhui/server/6/listing. Determining undeployed products... ... product list calculated All entitled products are currently deployed in the RHUI. I would prefer to see a massage "The certificate is Invalid" or smth similar.
In RHEL6/7 ISO's 20161025, 1. there is still 403 an error on uploading a 'deactivated' cert as in comment #4 > Here are the instructions to deactivate the cert > 1) attach a subscription to a system > 2) get the entitlement cert from /etc/pki/entitlement and move it somewhere save > 3) remove that subscription from the system I believe Exception on 403 similar to "Your certificate was refused by the server. Please update the entitlement certificate. For details see ~/.rhui/rhui.log" (all those "Received HTTP 403 Forbidden retrieving $url" goes to the log file) would be more helpful. 2. Rhui-manager doesn't inform the user if the certificate expires. Upload a valid cert, ensure it's listed by rhui-manager as "Valud", then change the server date, so the cert expires, try to list it.. see: >> rhui (entitlements) => l Red Hat Entitlements No Red Hat entitlements found. 3. If a user uploads an expired cert, nothing will be uploaded and no helpful message will be displayed. Full path to the new content certificate: /tmp/expired_rhui_cert_02_22_2015.pem The RHUI will be updated with the following certificate: /tmp/expired_rhui_cert_02_22_2015.pem Proceed? (y/n) y Red Hat Entitlements No Red Hat entitlements found. ------------------------------------------------------------------------------ rhui (entitlements) => l Red Hat Entitlements No Red Hat entitlements found. I expect a helpful message "The uploaded certificate is expired. Please upload a valid one." on uploading the expired certificate.
I've been able to add validation for 3, and have added out put for 1 if no repos were found to add and there were 403 errors. As far as scenario 2) that's going to be pretty tough, as the current code searches by entitlement, not by certificate, for each certificate in a directory and I (at this time) can't find an easy way to interrupt this flow without causing potentially major disruption.
ISO 20161115: 1. There is still 403 on adding a repo with a deactivated cert: Loading latest entitled products from Red Hat... ... listings loaded The following errors occurred while loading the listings: Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/beta/rhel/rhui/server/6/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/beta/rhel/rhui/everything/7/x86_64/debug/summary. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/eus/rhel/rhui/server/5/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/beta/rhel/rhui/everything/7/x86_64/source/SRPMS/summary. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/dist/rhes/rhui/vsa/1.0/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/beta/rhel/rhui/server/5/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/eus/rhel/rhui/server/6/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/dist/rhs/rhui/server/2.1/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/beta/rhel/rhui/server/7/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/dist/rhel/rhui/server/7/7Server/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/beta/rhel/rhui/server/5/5Server/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/dist/rhel/rhui/server/7/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/dist/rhel/rhui/server/6/6Server/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/dist/rhs/rhui/server/2.0/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/beta/rhel/rhui/everything/7/x86_64/os/summary. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/dist/rhel/rhui/server/5/5Server/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/dist/rhel/rhui/server/5/listing. Received HTTP 403 Forbidden retrieving https://cdn.redhat.com/content/dist/rhel/rhui/server/6/listing. Determining undeployed products... ... product list calculated No products are available to be deployed. The certificate could be invalid 3. Validation works on uploading an expired cert: rhui (entitlements) => u Full path to the new content certificate: /tmp/extra_rhui_files/expired_rhui_cert_02_22_2015.pem The RHUI will be updated with the following certificate: /tmp/extra_rhui_files/expired_rhui_cert_02_22_2015.pem Proceed? (y/n) y The provided certificate is expired or invalid. Please upload a valid one
HTTP Errors need to be sent to the logs
RHUI7 ISO 20161213 with a banned cert: hui (repo) => a Loading latest entitled products from Red Hat... ... listings loaded The following errors occurred while loading the listings: Determining undeployed products... ... product list calculated No products are available to be deployed. The certificate could be invalid ------------------------------------------------------------------------------
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:0367