Bug 967939 - repo sync failure for repos with certs
repo sync failure for repos with certs
Status: CLOSED CURRENTRELEASE
Product: Pulp
Classification: Community
Component: z_other (Show other bugs)
Master
Unspecified Unspecified
unspecified Severity unspecified
: ---
: 2.2.0
Assigned To: Jason Connor
Preethi Thomas
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-05-28 11:34 EDT by Preethi Thomas
Modified: 2014-03-30 21:40 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-09-10 11:44:08 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
test script that downloads the repomd.xml file using the credentials in the description (1.11 KB, text/x-python-script)
2013-05-29 12:21 EDT, Jason Connor
no flags Details

  None (edit)
Description Preethi Thomas 2013-05-28 11:34:31 EDT
Description of problem:
Repo sync fails for protected repos



Version-Release number of selected component (if applicable):
[root@cloud-qe-7 ~]# rpm -q pulp-server
pulp-server-2.2.0-0.14.alpha.fc18.noarch
[root@cloud-qe-7 ~]# 


How reproducible:


Steps to Reproduce:
[root@cloud-qe-7 ~]# pulp-admin rpm repo create --repo-id rhel6-2 --feed  https://cdn.redhat.com/content/dist/rhel/rhui/server/6/6.2/x86_64/os/ --feed-ca-cert CDN/cdn.redhat.com-chain.crt --feed-cert CDN/1359391926_4512.crt  --feed-key CDN/1359391926_4512.key  --verify-feed-ssl=false
Successfully created repository [rhel6-2]

[root@cloud-qe-7 ~]# pulp-admin rpm repo sync run --repo-id rhel6-2
+----------------------------------------------------------------------+
                   Synchronizing Repository [rhel6-2]
+----------------------------------------------------------------------+

This command may be exited by pressing ctrl+c without affecting the actual
operation on the server.

Downloading metadata...
[\]
... failed

An unexpected error has occurred. More information can be found in the client
log file ~/.pulp/admin.log.




Actual results:


Expected results:


Additional info:


From
pulp.log

2013-05-28 11:21:46,930 urllib3.connectionpool:INFO: Starting new HTTPS connection (1): cdn.redhat.com
2013-05-28 11:21:47,331 nectar.downloaders.revent:ERROR: Download of https://cdn.redhat.com/content/dist/rhel/rhui/server/6/6.2/x86_64/os/repodata/repomd.xml failed with code 403: Forbidden
2013-05-28 11:21:47,335 pulp.server.dispatch.task:ERROR: Importer indicated a failed response
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/pulp/server/dispatch/task.py", line 138, in _run
    result = call(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/pulp/server/managers/repo/sync.py", line 117, in sync
    raise PulpExecutionException(_('Importer indicated a failed response'))
PulpExecutionException: Importer indicated a failed response
2013-05-28 11:21:47,336 pulp.server.dispatch.task:INFO: FAILURE: Task 386e665e-3e79-471b-b4f2-67d2737a6538: CallRequest: RepoSyncManager.sync(u'rhel6-2', sync_config_override=None)
Comment 1 Jay Dobies 2013-05-28 12:26:07 EDT
For now, filing this as a nectar bug to check the eventlet downloader to make sure this functionality works.
Comment 2 Jason Connor 2013-05-29 12:21:04 EDT
Created attachment 754459 [details]
test script that downloads the repomd.xml file using the credentials in the description

test script that downloads the repomd.xml file using the credentials in the description
Comment 3 Jason Connor 2013-05-29 12:24:27 EDT
I've added a simple script that downloads the repomd.xml file from the RHEL 6 repo using the credential above. It even does SSL validation using the provided CA cert.

I suspect that this is not a "bug" in nectar, so much as it is a known limitation. The revent downloader currently only supports the ssl_*_path configuration options and cannot, as yet, utilize the raw data options.

I was planning on bring up this limitation as a story for next sprint.
Comment 4 Jay Dobies 2013-05-29 13:40:15 EDT
The whole contract between a downloader and the caller is still a bit in flux, but the idea is that there will be a base set of options that work in all cases. That way, we don't have these sorts of one-off notes that apply to one downloader and not another. How hard would it be for the eventlet downloader to take the cert contents and write them to a temporary file for now? That way it's one step closer to being compliant (compliant with a spec that doesn't really exist short of the docs in DownloaderConfig, I realize that).
Comment 5 Jason Connor 2013-05-29 17:48:02 EDT
Fix in pull request
Comment 6 Jeff Ortel 2013-06-04 11:54:35 EDT
build: 2.2.0-0.1.beta
Comment 7 Preethi Thomas 2013-06-05 14:22:14 EDT
verified
[root@hp-dl360g6-01 ~]# rpm -q pulp-server
pulp-server-2.2.0-0.1.beta.fc18.noarch
[root@hp-dl360g6-01 ~]# 

[root@hp-dl360g6-01 ~]# pulp-admin rpm repo create --repo-id rhel6-2 --feed  https://cdn.redhat.com/content/dist/rhel/rhui/server/6/6.2/x86_64/os/ --feed-ca-cert CDN/cdn.redhat.com-chain.crt --feed-cert CDN/1359391926_4512.crt  --feed-key CDN/1359391926_4512.key  --
Successfully created repository [rhel6-2]

[root@hp-dl360g6-01 ~]# time pulp-admin rpm repo sync run --repo-id rhel6-2
+----------------------------------------------------------------------+
                   Synchronizing Repository [rhel6-2]
+----------------------------------------------------------------------+

This command may be exited by pressing ctrl+c without affecting the actual
operation on the server.

Downloading metadata...
[|]
... completed

Downloading repository content...
[=========                                        [=========                        [==================================================] 100%
RPMs:       7281/7281 items
Delta RPMs: 0/0 items

... completed

Downloading distribution files...
[==================================================] 100%
Distributions: 0/0 items
... completed

Importing errata...
[-]

real	137m54.013s
user	2m15.931s
sys	0m8.416s
Comment 8 Preethi Thomas 2013-09-10 11:44:08 EDT
2.2 released
http://repos.fedorapeople.org/repos/pulp/pulp/stable/2.2/

Note You need to log in before you can comment on or make changes to this bug.