912776 – rhn-migrate-classic-to-rhsm tool throws "Unable to connect to certificate server: Int or String expected." when /etc/sysconfig/rhn/up2date is proxy enabled

Bug 912776 - rhn-migrate-classic-to-rhsm tool throws "Unable to connect to certificate server: Int or String expected." when /etc/sysconfig/rhn/up2date is proxy enabled

Summary: rhn-migrate-classic-to-rhsm tool throws "Unable to connect to certificate ser...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	subscription-manager
Sub Component:
Version:	5.10
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	beta
Target Release:	5.10
Assignee:	Alex Wood
QA Contact:	John Sefler
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	rhsm-rhel510 rhsm-2013
TreeView+	depends on / blocked

Reported:	2013-02-19 16:15 UTC by John Sefler
Modified:	2013-09-30 22:56 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	No description necessary
Clone Of:
Environment:
Last Closed:	2013-09-30 22:56:40 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2013:1332	0	normal	SHIPPED_LIVE	subscription-manager bug fix and enhancement update	2013-09-30 22:49:24 UTC

Description John Sefler 2013-02-19 16:15:17 UTC

Description of problem:
When a rhel7 system is registered classically to RHN using a proxy enabled /etc/sysconfig/rhn/up2date file, a traceback is thrown in rhsm.log when rhn-migrate-classic-to-rhsm is run.  Note that this scenario has been passing on a rhel6 system and fails on rhel7 which are running python-2.6 and python-2.7 respectively.

Version-Release number of selected component (if applicable):
[root@jsefler-7 ~]# rpm -q subscription-manager-migration python rhn-setup
subscription-manager-migration-1.8.3-1.git.0.50cbc39.el7.x86_64
python-2.7.3-13.el7.x86_64
rhn-setup-1.8.27-8.el7.noarch


Steps to Reproduce:
[root@jsefler-7 ~]# grep -i proxy /etc/sysconfig/rhn/up2date 
enableProxy[comment]=Use a HTTP Proxy
enableProxy=1
proxyPassword[comment]=The password to use for an authenticated proxy
proxyPassword=redhat
proxyUser[comment]=The username for an authenticated proxy
proxyUser=redhat
httpProxy[comment]=HTTP proxy in host:port format, e.g. squid.redhat.com:3128
httpProxy=auto-services.usersys.redhat.com:3128
enableProxyAuth[comment]=To use an authenticated proxy or not
enableProxyAuth=1

[root@jsefler-7 ~]# rhnreg_ks --serverUrl=https://xmlrpc.rhn.code.stage.redhat.com/XMLRPC --username=qa --password=******* --force --norhnsd --nohardware --nopackages --novirtinfo
This system is not subscribed to any channels.
RHN channel support will be disabled.
[root@jsefler-7 ~]# rhn-channel --list
This system is not associated with any channel.   <==== Note: this is expected since there is currently no base rhel7 channel in the stage CDN

[root@jsefler-7 ~]# rhn-migrate-classic-to-rhsm --no-auto --serverurl=jsefler-f14-candlepin.usersys.redhat.com:8443/candlepin
Red Hat account: qa
Password: 
System Engine Username: testuser1
Password: 
Unable to connect to certificate server: Int or String expected.  See /var/log/rhsm/rhsm.log for more details.


[root@jsefler-7 ~]# tail -f /var/log/rhsm/rhsm.log
2013-02-19 11:11:24,306 [INFO]  @migrate.py:215 - Using proxy auto-services.usersys.redhat.com:3128 - transferring settings to rhsm.conf
2013-02-19 11:11:24,311 [DEBUG]  @profile.py:95 - Loading current RPM profile.
2013-02-19 11:11:24,412 [INFO]  @connection.py:575 - Using basic authentication as: testuser1
2013-02-19 11:11:24,412 [INFO]  @connection.py:597 - Connection Built: host: jsefler-f14-candlepin.usersys.redhat.com, port: 8443, handler: /candlepin
2013-02-19 11:11:24,413 [DEBUG]  @connection.py:394 - Loading CA PEM certificates from: /etc/rhsm/ca/
2013-02-19 11:11:24,414 [DEBUG]  @connection.py:376 - Loading CA certificate: '/etc/rhsm/ca/jsefler-f14-7candlepin.pem'
2013-02-19 11:11:24,414 [DEBUG]  @connection.py:376 - Loading CA certificate: '/etc/rhsm/ca/jsefler-f14-candlepin.pem'
2013-02-19 11:11:24,415 [DEBUG]  @connection.py:376 - Loading CA certificate: '/etc/rhsm/ca/candlepin-stage.pem'
2013-02-19 11:11:24,415 [DEBUG]  @connection.py:376 - Loading CA certificate: '/etc/rhsm/ca/redhat-uep.pem'
2013-02-19 11:11:24,416 [DEBUG]  @connection.py:400 - Using proxy: auto-services.usersys.redhat.com:3128
2013-02-19 11:11:24,416 [DEBUG]  @connection.py:415 - Making request: GET https://jsefler-f14-candlepin.usersys.redhat.com:8443/candlepin/users/testuser1/owners
2013-02-19 11:11:24,417 [ERROR]  @migrate.py:275 - Int or String expected
2013-02-19 11:11:24,419 [ERROR]  @migrate.py:276 - Traceback (most recent call last):
  File "/usr/share/rhsm/subscription_manager/migrate/migrate.py", line 270, in check_ok_to_proceed
    self.cp.getOwnerList(username)
  File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 745, in getOwnerList
    return self.conn.request_get(method)
  File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 481, in request_get
    return self._request("GET", method)
  File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 422, in _request
    conn.request(request_type, handler, body=body, headers=headers)
  File "/usr/lib64/python2.7/httplib.py", line 958, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib64/python2.7/httplib.py", line 992, in _send_request
    self.endheaders(body)
  File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 174, in endheaders
    httpslib.HTTPSConnection.endheaders(self)
  File "/usr/lib64/python2.7/httplib.py", line 954, in endheaders
    self._send_output(message_body)
  File "/usr/lib64/python2.7/httplib.py", line 814, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.7/httplib.py", line 776, in send
    self.connect()
  File "/usr/lib64/python2.7/site-packages/M2Crypto/httpslib.py", line 195, in connect
    HTTPConnection.connect(self)
  File "/usr/lib64/python2.7/httplib.py", line 757, in connect
    self.timeout, self.source_address)
  File "/usr/lib64/python2.7/socket.py", line 553, in create_connection
    for res in getaddrinfo(host, port, 0, SOCK_STREAM):
error: Int or String expected

Comment 1 Alex Wood 2013-03-01 19:32:01 UTC

commit a1457a5113feecd9df082c71b3bba9102f5eb760
Author: Alex Wood <awood>
Date:   Tue Feb 19 16:26:40 2013 -0500

    912776: Cast proxy port to an integer.

Comment 2 Sharath Dwaral 2013-03-12 15:15:56 UTC

# rpm -qa | egrep "subscription-manager|python-rhsm"
subscription-manager-firstboot-1.8.4-1.el7.x86_64
python-rhsm-1.8.7-1.el7.x86_64
subscription-manager-gui-1.8.4-1.el7.x86_64
subscription-manager-migration-1.8.4-1.el7.x86_64
subscription-manager-1.8.4-1.el7.x86_64
subscription-manager-debuginfo-1.8.4-1.el7.x86_64

# grep -i proxy /etc/sysconfig/rhn/up2date
enableProxy[comment]=Use a HTTP Proxy
enableProxy=1
proxyPassword[comment]=The password to use for an authenticated proxy
proxyPassword=redhat
proxyUser[comment]=The username for an authenticated proxy
proxyUser=redhat
httpProxy[comment]=HTTP proxy in host:port format, e.g. squid.redhat.com:3128
httpProxy=auto-services.usersys.redhat.com:3128
enableProxyAuth[comment]=To use an authenticated proxy or not
enableProxyAuth=1

# rhnreg_ks --serverUrl=https://xmlrpc.rhn.code.stage.redhat.com/XMLRPC --username=qa --password=****** --force --norhnsd --nohardware --nopackages --novirtinfo
This system is not subscribed to any channels.
RHN channel support will be disabled.

# rhn-channel --list
This system is not associated with any channel.
[root@dhcp129-175 ~]# rhn-migrate-classic-to-rhsm --no-auto --serverurl=fsharath-candlepin.usersys.redhat.com:8443/candlepin
Red Hat account: qa
Password: ******
System Engine Username: testuser1
Password: ******
Org: *******
Unable to authenticate to RHN Classic.  See /var/log/rhsm/rhsm.log for more details.

# tail -f /var/log/rhsm/rhsm.log
2013-03-12 11:09:15,150 [DEBUG]  @connection.py:434 - Response status: 200
2013-03-12 11:09:15,151 [INFO]  @managercli.py:311 - Server Versions: {'candlepin': '0.7.27-1', 'server-type': 'This system is currently not registered.'} 
2013-03-12 11:09:21,011 [ERROR]  @plugins.py:826 - Could not find /usr/lib/rhsm-plugins for plugin import
2013-03-12 11:09:21,011 [DEBUG]  @plugins.py:508 - loaded plugin modules: []
2013-03-12 11:09:21,011 [DEBUG]  @plugins.py:509 - loaded plugins: {}
2013-03-12 11:09:21,012 [DEBUG]  @plugins.py:481 - Calling PluginManager init
2013-03-12 11:09:21,052 [DEBUG]  @profile.py:95 - Loading current RPM profile.
2013-03-12 11:09:21,085 [INFO]  @managercli.py:300 - Client Versions: {'python-rhsm': '1.8.7-1.el7', 'subscription-manager': '1.8.4-1.el7'} 
2013-03-12 11:09:21,086 [INFO]  @managerlib.py:825 - Cleaned local data
2013-03-12 11:09:21,227 [DEBUG]  @utils.py:395 - No virt-who pid file, not attempting to restart
2013-03-12 11:10:49,534 [INFO]  @migrate.py:215 - Using proxy auto-services.usersys.redhat.com:3128 - transferring settings to rhsm.conf
2013-03-12 11:10:49,536 [DEBUG]  @profile.py:95 - Loading current RPM profile.
2013-03-12 11:10:49,571 [INFO]  @connection.py:575 - Using basic authentication as: testuser1
2013-03-12 11:10:49,571 [INFO]  @connection.py:597 - Connection Built: host: fsharath-candlepin.usersys.redhat.com, port: 8443, handler: /candlepin
2013-03-12 11:10:49,572 [DEBUG]  @connection.py:394 - Loading CA PEM certificates from: /etc/rhsm/ca/
2013-03-12 11:10:49,572 [DEBUG]  @connection.py:376 - Loading CA certificate: '/etc/rhsm/ca/fsharath-candlepin.pem'
2013-03-12 11:10:49,572 [DEBUG]  @connection.py:376 - Loading CA certificate: '/etc/rhsm/ca/candlepin-stage.pem'
2013-03-12 11:10:49,572 [DEBUG]  @connection.py:376 - Loading CA certificate: '/etc/rhsm/ca/redhat-uep.pem'
2013-03-12 11:10:49,573 [DEBUG]  @connection.py:400 - Using proxy: auto-services.usersys.redhat.com:3128
2013-03-12 11:10:49,573 [DEBUG]  @connection.py:415 - Making request: GET https://fsharath-candlepin.usersys.redhat.com:8443/candlepin/users/testuser1/owners
2013-03-12 11:10:49,748 [DEBUG]  @connection.py:434 - Response status: 200
2013-03-12 11:10:49,749 [DEBUG]  @connection.py:394 - Loading CA PEM certificates from: /etc/rhsm/ca/
2013-03-12 11:10:49,750 [DEBUG]  @connection.py:376 - Loading CA certificate: '/etc/rhsm/ca/fsharath-candlepin.pem'
2013-03-12 11:10:49,750 [DEBUG]  @connection.py:376 - Loading CA certificate: '/etc/rhsm/ca/candlepin-stage.pem'
2013-03-12 11:10:49,751 [DEBUG]  @connection.py:376 - Loading CA certificate: '/etc/rhsm/ca/redhat-uep.pem'
2013-03-12 11:10:49,751 [DEBUG]  @connection.py:400 - Using proxy: auto-services.usersys.redhat.com:3128
2013-03-12 11:10:49,752 [DEBUG]  @connection.py:415 - Making request: GET https://fsharath-candlepin.usersys.redhat.com:8443/candlepin/users/testuser1/owners
2013-03-12 11:10:49,883 [DEBUG]  @connection.py:434 - Response status: 200
2013-03-12 11:10:55,119 [DEBUG]  @connection.py:394 - Loading CA PEM certificates from: /etc/rhsm/ca/
2013-03-12 11:10:55,120 [DEBUG]  @connection.py:376 - Loading CA certificate: '/etc/rhsm/ca/fsharath-candlepin.pem'
2013-03-12 11:10:55,120 [DEBUG]  @connection.py:376 - Loading CA certificate: '/etc/rhsm/ca/candlepin-stage.pem'
2013-03-12 11:10:55,121 [DEBUG]  @connection.py:376 - Loading CA certificate: '/etc/rhsm/ca/redhat-uep.pem'
2013-03-12 11:10:55,121 [DEBUG]  @connection.py:400 - Using proxy: auto-services.usersys.redhat.com:3128
2013-03-12 11:10:55,122 [DEBUG]  @connection.py:415 - Making request: GET https://fsharath-candlepin.usersys.redhat.com:8443/candlepin/
2013-03-12 11:10:55,242 [DEBUG]  @connection.py:434 - Response status: 200
2013-03-12 11:10:55,242 [DEBUG]  @connection.py:613 - Server supports the following resources:
2013-03-12 11:10:55,243 [DEBUG]  @connection.py:614 - {'': '/', 'hypervisors': '/hypervisors', 'serials': '/serials', 'consumers': '/consumers', 'migrations': '/migrations', 'content': '/content', 'entitlements': '/entitlements', 'statistics/generate': '/statistics/generate', 'status': '/status', 'jobs': '/jobs', 'users': '/users', 'subscriptions': '/subscriptions', 'rules': '/rules', 'consumertypes': '/consumertypes', 'activation_keys': '/activation_keys', 'atom': '/atom', 'owners': '/owners', 'roles': '/roles', 'admin': '/admin', 'events': '/events', 'products': '/products', 'pools': '/pools', 'crl': '/crl'}
2013-03-12 11:10:55,243 [INFO]  @migrate.py:340 - Using proxy auto-services.usersys.redhat.com:3128 for RHN API methods
2013-03-12 11:10:55,267 [ERROR]  @migrate.py:348 - Traceback (most recent call last):
  File "/usr/share/rhsm/subscription_manager/migrate/migrate.py", line 345, in connect_to_rhn
    sk = sc.auth.login(credentials.username, credentials.password)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1224, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1578, in __request
    verbose=self.__verbose
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1264, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1294, in single_request
    response = h.getresponse(buffering=True)
AttributeError: HTTP instance has no attribute 'getresponse'


QA Failed

Comment 3 RHEL Program Management 2013-04-09 20:55:23 UTC

This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.

Comment 4 Alex Wood 2013-05-31 13:50:52 UTC

Please retest this.  The error you were seeing has been fixed with e0d326f0af1ff1ca79e2e45ef66e7a21b9610847.

Comment 5 John Sefler 2013-07-02 21:40:51 UTC

Attempting to verify on RHEL7 with version...
[root@jsefler-7server ~]# rpm -q subscription-manager-migration python-rhsm
subscription-manager-migration-1.8.11-1.el7.x86_64
python-rhsm-1.8.13-1.el7.x86_64

[root@jsefler-7server ~]# grep -i proxy /etc/sysconfig/rhn/up2date
enableProxy[comment]=Use a HTTP Proxy
enableProxy=1
proxyPassword[comment]=The password to use for an authenticated proxy
proxyPassword=redhat
proxyUser[comment]=The username for an authenticated proxy
proxyUser=redhat
httpProxy[comment]=HTTP proxy in host:port format, e.g. squid.redhat.com:3128
httpProxy=auto-services.usersys.redhat.com:3128
enableProxyAuth[comment]=To use an authenticated proxy or not
enableProxyAuth=1

[root@jsefler-7server ~]# rhnreg_ks --serverUrl=https://xmlrpc.rhn.code.stage.redhat.com/XMLRPC --username=qa --password=**** --force --norhnsd --nohardware --nopackages --novirtinfo
This system is not subscribed to any channels.
RHN channel support will be disabled.

[root@jsefler-7server ~]# scp root.redhat.com:/etc/candlepin/certs/candlepin-ca.crt /etc/rhsm/ca/jsefler-f14-candlepin.pem
The authenticity of host 'jsefler-f14-candlepin.usersys.redhat.com (10.16.120.160)' can't be established.
RSA key fingerprint is f6:0d:c7:af:12:98:78:1e:2f:71:bb:52:81:f6:2a:1e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'jsefler-f14-candlepin.usersys.redhat.com,10.16.120.160' (RSA) to the list of known hosts.
root.redhat.com's password: 
candlepin-ca.crt                                                                                                 100%  908     0.9KB/s   00:00    
[root@jsefler-7server ~]# ls /etc/rhsm/ca/jsefler-f14-candlepin.pem 
/etc/rhsm/ca/jsefler-f14-candlepin.pem

^^ Note: an alternative to copying the candlepin ca cert would be: subscription-manager config --server.insecure=1

[root@jsefler-7server ~]# rhn-migrate-classic-to-rhsm --no-auto --serverurl=jsefler-f14-candlepin.usersys.redhat.com:8443/candlepin
Red Hat account: qa
Password: 
System Engine Username: testuser1
Password: 
Org: admin

Retrieving existing RHN Classic subscription information...
Problem encountered getting the list of subscribed channels.  Exiting.
[root@jsefler-7server ~]# echo $?
1

^^ BANG!  NEEDINFO ON THE EXPECTED RESULTS
Recall that we already know there were no RHN Classic channels consumed on RHEL7 - review earlier rhnreg_ks output.  While we know that there are no RHN Classic Channels being consumed, The result of calling rhn-migrate-classic-to-rhsm could either be:
1. exactly what we observe above - the migration script exits leaving us registered to RHN Classic
2. the migration proceeds to unregister the system from RHN Classic and register the system to RHSM without having installed any product certs (because there are no classic channels consumed and therefore no mappings to worry about).



[root@jsefler-7server ~]# tail -f /var/log/rhsm/rhsm.log
2013-07-02 17:18:17,095 [INFO]  @migrate.py:316 - Using proxy auto-services.usersys.redhat.com:3128 for RHN API methods
2013-07-02 17:18:18,525 [ERROR]  @migrate.py:346 - Traceback (most recent call last):
  File "/usr/share/rhsm/subscription_manager/migrate/migrate.py", line 344, in get_subscribed_channels_list
    subscribed_channels = map(lambda x: x['label'], getChannels().channels())
  File "/usr/share/rhn/up2date_client/rhnChannel.py", line 113, in getChannels
    raise up2dateErrors.NoChannelsError(_("This system may not be updated until it is associated with a channel."))
NoChannelsError: This system may not be updated until it is associated with a channel.

Comment 6 John Sefler 2013-07-05 13:56:39 UTC

(In reply to John Sefler from comment #5)

> Retrieving existing RHN Classic subscription information...
> Problem encountered getting the list of subscribed channels.  Exiting.
> [root@jsefler-7server ~]# echo $?
> 1
> 
> ^^ BANG!  NEEDINFO ON THE EXPECTED RESULTS
> Recall that we already know there were no RHN Classic channels consumed on
> RHEL7 - review earlier rhnreg_ks output.  While we know that there are no
> RHN Classic Channels being consumed, The result of calling
> rhn-migrate-classic-to-rhsm could either be:
> 1. exactly what we observe above - the migration script exits leaving us
> registered to RHN Classic
> 2. the migration proceeds to unregister the system from RHN Classic and
> register the system to RHSM without having installed any product certs
> (because there are no classic channels consumed and therefore no mappings to
> worry about).


Upon further review with awood, the fact that RHN raises an up2dateErrors.NoChannelsError means that they consider the absence of at least a base channel to be unexpected.  Therefore the safest thing for the rhn-migrate-classic-to-rhsm script to do is honor the NoChannelsError and exit as demonstrated in comment 5.

Moving this bug to VERIFIED

Comment 8 errata-xmlrpc 2013-09-30 22:56:40 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1332.html

Note You need to log in before you can comment on or make changes to this bug.