Bug 887039 - When a feed fails to pass CA verification, Pulp doesn't inform the user of the problem and writes a traceback
Summary: When a feed fails to pass CA verification, Pulp doesn't inform the user of th...
Status: CLOSED DUPLICATE of bug 971546
Alias: None
Product: Pulp
Classification: Retired
Component: rpm-support
Version: Master
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 2.2.0
Assignee: Michael Hrivnak
QA Contact: Preethi Thomas
Depends On:
TreeView+ depends on / blocked
Reported: 2012-12-13 21:58 UTC by Randy Barlow
Modified: 2013-06-10 21:03 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2013-06-10 21:03:50 UTC

Attachments (Terms of Use)

Description Randy Barlow 2012-12-13 21:58:41 UTC
If we sync a repo with --verify-feed-ssl=true but don't pass a CA cert, the pulp.log file has these entries:

2012-12-13 16:10:37,540 pulp.plugins.yum_importer.importer_rpm:INFO: Begin sync of repo <rhel-6-server-7> from feed_url <https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/os>
2012-12-13 16:10:37,959 pulp.plugins.yum_importer.importer_rpm:ERROR: Failed to fetch metadata on: https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/os
2012-12-13 16:10:37,960 pulp.plugins.yum_importer.importer:ERROR: Caught Exception: failure: repodata/repomd.xml from rhel-6-server-7: [Errno 256] No more mirrors to try.
Traceback (most recent call last):
  File "/usr/lib/pulp/plugins/importers/yum_importer/importer.py", line 488, in sync_repo
    status, summary, details = self._sync_repo(repo, sync_conduit, config)
  File "/usr/lib/pulp/plugins/importers/yum_importer/importer.py", line 542, in _sync_repo
    rpm_status, summary["packages"], details["packages"] = self.importer_rpm.sync(repo, sync_conduit, config, progress_callback)
  File "/usr/lib/pulp/plugins/importers/yum_importer/importer_rpm.py", line 472, in sync
    num_retries=num_retries, retry_delay=retry_delay)
  File "/usr/lib/python2.7/site-packages/grinder/RepoFetch.py", line 154, in setup
  File "/usr/lib/python2.7/site-packages/grinder/YumInfo.py", line 406, in setUp
  File "/usr/lib/python2.7/site-packages/grinder/activeobject.py", line 82, in __call__
    return self.object(self, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/grinder/activeobject.py", line 269, in __call__
    return self.__call(method, args, kwargs)
  File "/usr/lib/python2.7/site-packages/grinder/activeobject.py", line 245, in __call
    return self.__rmi(method.name, args, kwargs)
  File "/usr/lib/python2.7/site-packages/grinder/activeobject.py", line 137, in __rmi
    raise ex
NoMoreMirrorsRepoError: failure: repodata/repomd.xml from rhel-6-server-7: [Errno 256] No more mirrors to try.
2012-12-13 16:10:38,004 pulp.server.dispatch.task:ERROR: Importer indicated a failed response
Traceback (most recent call last):
  File "/home/rbarlow/devel/pulp/platform/src/pulp/server/dispatch/task.py", line 123, in _run
    result = call(*args, **kwargs)
  File "/home/rbarlow/devel/pulp/platform/src/pulp/server/managers/repo/sync.py", line 158, in sync
    raise PulpExecutionException(_('Importer indicated a failed response'))
PulpExecutionException: Importer indicated a failed response
2012-12-13 16:10:38,004 pulp.server.dispatch.task:INFO: FAILURE: Task 4c241053-ef22-4cb2-afcb-fa05dc5ec8e7: CallRequest: RepoSyncManager.sync(u'rhel-6-server-7', sync_config_override=None, importer_config={}, importer_instance=<yum_importer.importer.YumImporter object at 0x7f82c4102910>)

Also, the pulp-client fails to parse the response from the server adequately and informs the user to see ~/.pulp/admin.log, which also doesn't contain any useful information:

2012-12-13 16:10:38,251 - ERROR - Client-side exception occurred
Traceback (most recent call last):
  File "/home/rbarlow/devel/pulp/platform/src/pulp/client/extensions/core.py", line 478, in run
    exit_code = Cli.run(self, args)
  File "/usr/lib/python2.7/site-packages/okaara/cli.py", line 933, in run
    exit_code = command_or_section.execute(self.prompt, remaining_args)
  File "/home/rbarlow/devel/pulp/platform/src/pulp/client/extensions/extensions.py", line 224, in execute
    return self.method(*arg_list, **clean_kwargs)
  File "/home/rbarlow/devel/pulp/platform/src/pulp/client/commands/repo/sync_publish.py", line 101, in run
    status.display_group_status(self.context, self.renderer, task_group_id)
  File "/home/rbarlow/devel/pulp/platform/src/pulp/client/commands/repo/status/status.py", line 63, in display_group_status
    _display_status(context, renderer, task_list)
  File "/home/rbarlow/devel/pulp/platform/src/pulp/client/commands/repo/status/status.py", line 95, in _display_status
    _display_task_status(context, renderer, task.task_id, quiet_waiting=quiet_waiting)
  File "/home/rbarlow/devel/pulp/platform/src/pulp/client/commands/repo/status/status.py", line 133, in _display_task_status
  File "/home/rbarlow/devel/pulp_rpm/pulp_rpm/src/pulp_rpm/extension/admin/status.py", line 67, in display_report
  File "/home/rbarlow/devel/pulp_rpm/pulp_rpm/src/pulp_rpm/extension/admin/status.py", line 93, in render_metadata_step
KeyError: 'error'

We should instead raise a meaningful error about the SSL cert failing validation, and we should log it in pulp.log as well as send it to the client so the user gets a friendly and informative message.

Comment 1 Jay Dobies 2013-04-01 17:38:58 UTC
There isn't much here we can do since it's yum giving us the catch-all error. Assigning to Mike to move to QA once the new yum importer is in use.

Comment 2 Michael Hrivnak 2013-06-10 21:03:50 UTC
This was fixed by #971546.

The output is still not great, but a big improvement. It may be appropriate for nectar to return a friendlier message.


$ pulp-admin rpm repo sync run --repo-id=rhel6
                    Synchronizing Repository [rhel6]

This command may be exited by pressing ctrl+c without affecting the actual
operation on the server.

Downloading metadata...
... failed

[Errno 1] _ssl.c:504: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

*** This bug has been marked as a duplicate of bug 971546 ***

Note You need to log in before you can comment on or make changes to this bug.