[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Pulp-list] goferd on consumers cannot connect to pulp server's queue after 2.7 -> 2.8 upgrade



On pulp-server:

[root nms pulp]# LANG=C ls -l
total 16
-rw-r-----. 1 root   apache 1021 Mar 24 23:47 ca.crt
-rw-r-----. 1 root   apache 1675 Mar 24 23:47 ca.key
drwxr-xr-x. 2 apache apache   33 Mar 15 08:32 content
-rw-r-----. 1 root   apache 1675 Mar 24 23:47 rsa.key
-rw-r--r--. 1 root   apache  451 Mar 24 23:47 rsa_pub.key

[root nms pulp]# grep pulp /var/log/yum.log
Mar 24 23:45:53 Erased: pulp-puppet-plugins-2.7.1-1.el7.noarch
Mar 24 23:45:54 Erased: pulp-rpm-plugins-2.7.1-1.el7.noarch
Mar 24 23:46:13 Erased: pulp-server-2.7.1-1.el7.noarch
Mar 24 23:47:00 Updated: python-pulp-common-2.8.0-1.el7.noarch
Mar 24 23:47:01 Updated: python-pulp-repoauth-2.8.0-1.el7.noarch
Mar 24 23:47:03 Updated: python-pulp-rpm-common-2.8.0-1.el7.noarch
Mar 24 23:47:03 Updated: python-pulp-client-lib-2.8.0-1.el7.noarch
Mar 24 23:47:04 Updated: python-pulp-puppet-common-2.8.0-1.el7.noarch
Mar 24 23:47:04 Installed: python-pulp-docker-common-2.0.0-1.el7.noarch
Mar 24 23:47:05 Updated: python-pulp-bindings-2.8.0-1.el7.noarch
Mar 24 23:47:06 Updated: pulp-admin-client-2.8.0-1.el7.noarch
Mar 24 23:47:14 Installed: pulp-server-2.8.0-1.el7.noarch
Mar 24 23:47:15 Installed: pulp-docker-plugins-2.0.0-1.el7.noarch
Mar 24 23:47:16 Updated: pulp-rpm-admin-extensions-2.8.0-1.el7.noarch
Mar 24 23:47:17 Updated: pulp-puppet-admin-extensions-2.8.0-1.el7.noarch
Mar 24 23:47:18 Updated: python-pulp-oid_validation-2.8.0-1.el7.noarch
Mar 24 23:49:01 Updated: pulp-selinux-2.8.0-1.el7.noarch
Mar 25 00:01:40 Installed: pulp-rpm-plugins-2.8.0-1.el7.noarch
Mar 25 04:31:03 Обновлено: python-kombu.noarch 1:3.0.33-4.pulp.el7
Mar 25 04:31:13 Установлено: pulp-docker-admin-extensions.noarch 2.0.0-1.el7

On pulp-consumer key was not changed since pulp-consumer installation time (June 2015)

I think the root cause for this is here -> http://pulp.readthedocs.org/en/latest/user-guide/release-notes/2.8.x.html#upgrade-instructions-for-2-7-x-2-8-x. Removing python-semantic-version package causes removal of pulp-server package. Later on when I reinstalled server, certificates were updated as well

Discussion thread is here -> https://www.redhat.com/archives/pulp-list/2016-March/msg00078.html


2016-04-05 16:32 GMT+03:00 Jeff Ortel <jortel redhat com>:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256



On 04/04/2016 09:53 AM, Konstantin M. Khankin wrote:
> Hi Jeff!
>
> [root drone ~]# pulp-consumer -v history
> +----------------------------------------------------------------------+ Consumer History [drone]
> +----------------------------------------------------------------------+
>
> 2016-04-04 19:46:18,164 - ERROR - Client-side exception occurred Traceback (most recent call last): File
> "/usr/lib/python2.7/site-packages/pulp/client/extensions/core.py", line 474, in run exit_code =
> Cli.run(self, args) File "/usr/lib/python2.7/site-packages/okaara/cli.py", line 974, in run exit_code =
> command_or_section.execute(self.prompt, remaining_args) File
> "/usr/lib/python2.7/site-packages/pulp/client/extensions/extensions.py", line 210, in execute return
> self.method(*arg_list, **clean_kwargs) File
> "/usr/lib/python2.7/site-packages/pulp/client/consumer/cli.py", line 367, in history
> kwargs['start-date'], kwargs['end-date']).response_body File
> "/usr/lib/python2.7/site-packages/pulp/bindings/consumer.py", line 199, in history return
> self.server.GET(path, queries) File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 92,
> in GET return self._request('GET', path, queries, ignore_prefix=ignore_prefix) File
> "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 152, in _request response_code,
> response_body = self.server_wrapper.request(method, url, body) File
> "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 349, in request raise
> exceptions.ConnectionException(None, str(err), None) ConnectionException: (None, 'tlsv1 alert decrypt
> error', None) An error occurred attempting to contact the server. More information may be found using the
> -v flag.
>
> /etc/pulp/consumer/consumer.conf looks correct (correct server name and verify_ssl: False). Checked on a
> server - httpd's configs pulp.conf and pulp.conf.rpmsave have no differences in SSL section.
> .pulp/consumer.log does not contain any recent records
>
> I just think that maybe I need to re-register my consumers... But then again why could it have happened?

I wonder if the /etc/pki/pulp/ca.* got updated somehow during the upgrade.  Can you check the date on those
files?

>
> 2016-04-04 17:21 GMT+03:00 Jeff Ortel <jortel redhat com <mailto:jortel redhat com>>:
>
> Konstantin,
>
> The agent validates registration by making a REST API call to the server using the consumer certificate.
> On the consumer, can you try running a pulp-consumer command?
>
> For example:
>
> $ pulp-consumer history
>
> Thanks,
>
> Jeff
>
> On 04/02/2016 04:51 PM, Konstantin M. Khankin wrote:
>> Hello!
>
>> After 2.7->2.8 upgrade all consumers cannot talk to pulp server - goferd returns the next error on any
>> operation: [WARNING][MainThread] pulp.agent.gofer.pulpplugin:107 - validate registration failed:
>> (None, 'tlsv1 alert decrypt error', None)
>
>> I didn't change any keys or configs. Logs also do not help. What could went wrong?
>
>> Thanks!
>
>> -- Konstantin Khankin
>
>
>> _______________________________________________ Pulp-list mailing list Pulp-list redhat com
> <mailto:Pulp-list redhat com>
>> https://www.redhat.com/mailman/listinfo/pulp-list
>
>
>
>
>
> -- Ханкин Константин
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXA75YAAoJEM9lW7UwFwZXOmEP/1u9qM6qS5waUjOZFPKwdRet
ZGuqECMY2Eu/PSFB9TSfU/RHvIdUcJce73WhvIKdg8lZ576WmEJQCPLRH4ocFDo+
8jP22voFuEkxfg2pAfeRSNle354vn4l1XMD7vlqscD6Z8opnQSkWNowJ2jb1tWSI
lY8zyAt/MbMAwsKI0NaAQhI4ORz99TjVpATEXGvFxsFZeYdHB3EW9o5iAgTl0mqo
vSp8yaAiCROjWqCjfYpnBk9z8T0sPctCEOtu81fYLJOzYehl51PjwRF0lOt/LYTl
bvQ2KfG1yThFz168eP7UROm63SLxv+B27K/QVIy5LfX9Zzcam6WudZ0rukWWGYur
OMQrXIlZhxjbk6uA9QYwS359S9e5DREtZTVgX9ZTUZ+3EWlCsAIn7ei9LGwoVTwC
uuQbdS0tcKYNLAHRlttGBPHeC2sQp90H3Pdl2LxyyANZ6mR7prBmVQxkWpb7ujSC
FXuUgEXnQz5aRRaETEQEUicYBfnHXYeqVLvxLlyNw9lDFk/tOg/7FAunXZi1sqVL
YfLaJICRvtihcTH3+CpLQ+S8sD4IG7Akg/v4aCUm4livOXoDN8jV0ysTzvNnBk5n
rvKM0py6wKLGd6FIbjWmb1hXwGsLmuvEkuRJJbMQdIySEv9lLBFwxpSIUfZVO/ie
IzggUNc0+mXTbLzMpBaj
=Pfx5
-----END PGP SIGNATURE-----



--
Ханкин Константин

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]