Error syncing puppet6 repository

DigitalTendencies · March 16, 2021, 10:21pm

Problem: Receiving errors when it attempts to sync puppet6 repo

Expected outcome: Sync to completion without error

Foreman and Proxy versions: 2.3.3

Foreman and Proxy plugin versions: Katello 3.18.1

Distribution and version: CentOS 7

Other relevant data:
Brand new install. Receiving this error when it syncs:
Package pdk-0:1.10.0.0-1.el7.x86_64 does not contain allowed checksum type, thus can’t be published. Checksum must be one of allowed types: [‘md5’, ‘sha1’, ‘sha224’, ‘sha256’, ‘sha384’, ‘sha512’].
You can adjust these with the ‘ALLOWED_CONTENT_CHECKSUMS’ setting.

I am new to this and had no issues adding in CentOS 7, EPEL7, and the foreman repos. Only had this problem with puppet6 yum repo and everything looks fine to me. If I look at the currently published Content View I can see that the puppet packages show up there. If I navigate to the published URL for that repo the only contents are a file “config.repo” and the “repodata/” folder.

lqmello · March 23, 2021, 7:44am

The same error happened when I synced with puppet7 repositories

lqmello · March 24, 2021, 12:58am

Mar 23 21:56:32 foreman2 pulpcore-api: - - [24/Mar/2021:00:56:32 +0000] “POST /pulp/api/v3/publications/rpm/rpm/ HTTP/1.1” 202 67 “-” “OpenAPI-Generator/3.7.0/ruby”
Mar 23 21:56:32 foreman2 pulpcore-resource-manager: pulp: rq.worker:INFO: resource-manager: 1cbaec9e-62f8-42d7-915e-ed2ca0931a20
Mar 23 21:56:32 foreman2 pulpcore-worker-2: pulp: rq.worker:INFO: 1016@foreman2.home: 15ed49aa-3eb7-416e-95f3-8d8b602b7a07
Mar 23 21:56:32 foreman2 pulpcore-resource-manager: pulp: rq.worker:INFO: resource-manager: Job OK (1cbaec9e-62f8-42d7-915e-ed2ca0931a20)
Mar 23 21:56:32 foreman2 pulpcore-worker-2: pulp: pulp_rpm.app.tasks.publishing:INFO: Publishing: repository=Puppet-488347, version=2
Mar 23 21:56:32 foreman2 pulpcore-api: - - [24/Mar/2021:00:56:32 +0000] “GET /pulp/api/v3/tasks/15ed49aa-3eb7-416e-95f3-8d8b602b7a07/ HTTP/1.1” 200 534 “-” “OpenAPI-Generator/3.7.1/ruby”
Mar 23 21:56:34 foreman2 pulpcore-worker-2: pulp: rq.worker:ERROR: Traceback (most recent call last):
Mar 23 21:56:34 foreman2 pulpcore-worker-2: File “/usr/lib/python3.6/site-packages/rq/worker.py”, line 936, in perform_job
Mar 23 21:56:34 foreman2 pulpcore-worker-2: rv = job.perform()
Mar 23 21:56:34 foreman2 pulpcore-worker-2: File “/usr/lib/python3.6/site-packages/rq/job.py”, line 684, in perform
Mar 23 21:56:34 foreman2 pulpcore-worker-2: self._result = self._execute()
Mar 23 21:56:34 foreman2 pulpcore-worker-2: File “/usr/lib/python3.6/site-packages/rq/job.py”, line 690, in _execute
Mar 23 21:56:34 foreman2 pulpcore-worker-2: return self.func(*self.args, **self.kwargs)
Mar 23 21:56:34 foreman2 pulpcore-worker-2: File “/usr/lib/python3.6/site-packages/pulp_rpm/app/tasks/publishing.py”, line 319, in publish
Mar 23 21:56:34 foreman2 pulpcore-worker-2: metadata_signing_service=metadata_signing_service,
Mar 23 21:56:34 foreman2 pulpcore-worker-2: File “/usr/lib/python3.6/site-packages/pulp_rpm/app/tasks/publishing.py”, line 432, in create_repomd_xml
Mar 23 21:56:34 foreman2 pulpcore-worker-2: ca.content.rpm_package.nevra, ALLOWED_CHECKSUM_ERROR_MSG
Mar 23 21:56:34 foreman2 pulpcore-worker-2: ValueError: Package puppet-bolt-0:1.48.0-1.el7.x86_64 does not contain allowed checksum type, thus can’t be published. Checksum must be one of allowed types: [‘md5’, ‘sha1’, ‘sha224’, ‘sha256’, ‘sha384’, ‘sha512’].
Mar 23 21:56:34 foreman2 pulpcore-worker-2: You can adjust these with the ‘ALLOWED_CONTENT_CHECKSUMS’ setting.
Mar 23 21:56:34 foreman2 pulpcore-worker-2: Traceback (most recent call last):
Mar 23 21:56:34 foreman2 pulpcore-worker-2: File “/usr/lib/python3.6/site-packages/rq/worker.py”, line 936, in perform_job
Mar 23 21:56:34 foreman2 pulpcore-worker-2: rv = job.perform()
Mar 23 21:56:34 foreman2 pulpcore-worker-2: File “/usr/lib/python3.6/site-packages/rq/job.py”, line 684, in perform
Mar 23 21:56:34 foreman2 pulpcore-worker-2: self._result = self._execute()
Mar 23 21:56:34 foreman2 pulpcore-worker-2: File “/usr/lib/python3.6/site-packages/rq/job.py”, line 690, in _execute
Mar 23 21:56:34 foreman2 pulpcore-worker-2: return self.func(*self.args, **self.kwargs)
Mar 23 21:56:34 foreman2 pulpcore-worker-2: File “/usr/lib/python3.6/site-packages/pulp_rpm/app/tasks/publishing.py”, line 319, in publish
Mar 23 21:56:34 foreman2 pulpcore-worker-2: metadata_signing_service=metadata_signing_service,
Mar 23 21:56:34 foreman2 pulpcore-worker-2: File “/usr/lib/python3.6/site-packages/pulp_rpm/app/tasks/publishing.py”, line 432, in create_repomd_xml
Mar 23 21:56:34 foreman2 pulpcore-worker-2: ca.content.rpm_package.nevra, ALLOWED_CHECKSUM_ERROR_MSG

GC29 · April 7, 2021, 2:02pm

I’m facing the same trouble here
My diagnostic is that according to https://yum.puppetlabs.com/puppet6/el/7/x86_64/repodata/repomd.xml the checksums type for puppet repositories is “sha” which is not an ‘ALLOWED_CONTENT_CHECKSUMS’
Is there someone to tell us how to modify this setting without break pulp ?

sajha · April 7, 2021, 6:01pm

@Pulp : Does this seem like a repo signing issue or something that needs to be handled by pulp?

Thulium-Drake · April 8, 2021, 10:48pm

From what I was able to find, it’s defined in the following files:

[root@deploy ~]# grep -rl ALLOWED_CONTENT_CHECKSUMS /usr/lib/python3.6/site-packages/  | grep -v pyc
/usr/lib/python3.6/site-packages/pulpcore/app/models/content.py
/usr/lib/python3.6/site-packages/pulpcore/app/settings.py
/usr/lib/python3.6/site-packages/pulpcore/tests/functional/api/test_crd_artifacts.py
/usr/lib/python3.6/site-packages/pulp_2to3_migration/app/settings.py
/usr/lib/python3.6/site-packages/pulp_rpm/app/serializers/repository.py
/usr/lib/python3.6/site-packages/pulp_rpm/app/tasks/publishing.py
/usr/lib/python3.6/site-packages/pulp_rpm/app/constants.py
/usr/lib/python3.6/site-packages/pulp_rpm/tests/functional/api/test_publish.py

However, I tried editing a few of the files in which the array with the different checksums is defined, but I could not make Pulp process the puppet6 repo…

ekohl · April 10, 2021, 1:18pm

This appears to be a Pulp 3 bug. Perhaps you should report it @ Overview - Pulp.

You should not edit the sources for this. ALLOWED_CONTENT_CHECKSUMS is a setting and belongs in /etc/pulp/settings.py if you want to override this. Note that the installer will remove it again, but it can be a good workaround while we fix the code.

jost · April 13, 2021, 2:05pm

I m facing the same error, but for one of private repository. Is this connected that in repodate there is

<open-checksum type="sha" pkgid="YES">2a5e202f59a6679500efab3192db92b066136bb9</open-checksum>

<open-size>5194</open-size>

<revision/>

and

open-checksum type=“sha”

should be changed with sha256 ?

ekohl · April 13, 2021, 3:27pm

I think sha is an alias of sha1 and would expect Pulp to handle it. Hence why I think it’s an application bug.

quartsize · April 16, 2021, 8:54pm

@jost yours appears to be a 160-bit checksum, i.e. SHA-1.

Adding an ALLOWED_CONTENT_CHECKSUMS that includes sha didn’t work for me unfortunately – I end up with

There was an issue with the backend service pulp3: 502 Bad Gateway

because pulpcore-resource-manager.service failed to start from

django.core.exceptions.ImproperlyConfigured: ALLOWED_CONTENT_CHECKSUMS may only contain algorithms known to pulp - see constants.ALL_KNOWN_CONTENT_CHECKSUMS for the allowed list. Unknown algorithms provided: {‘sha’}

I have yet to investigate how difficult the patch would be.

quartsize · May 5, 2021, 2:26pm

I just successfully synched Index of /puppet6/el/8/x86_64 with Katello 4.

MrD · May 10, 2021, 11:06am

I changed the “yum metadata checksum” to sha1 for the repo (via the gui) and it then synced OK.Didn’t work before I did this and I’ve never had to do this for any other repo I have setup to sync.
This was on versions:
pulp-server-2.21.5-1
foreman-2.3.3-1
katello-3.18.2-1

macado · December 3, 2021, 4:58pm

Anyone ever find a solution to this? I’m running into the same problem with Puppet6 repos in my Katello 3.18 environment.

I’m also hitting the same issue with MySQL repos

Package matching query does not exist.Package pdk-0:1.18.0.0-1.el8.x86_64 as content unit 093820dd-7874-4056-8292-621bc592ef5f contains forbidden checksum type ‘sha’, thus can’t be published. Checksum must be one of the allowed checksum types.
You can adjust these with the ‘ALLOWED_CONTENT_CHECKSUMS’ setting.

I tried adding sha1 to /etc/pulp/settings.py. Adding “sha” breaks pulp.

JoeGTN1 · February 8, 2022, 10:04pm

I finally got mine fixed:

Set the download policy to immediate
Set the yum metadata checksum to sha1

Then, I got an error about a pkg-id conflict, to fix this I:

hammer package list --organization-id= --product=“Puppet 6”
hammer -v repository remove-content --id= --organization-id= --ids=
hammer content-view list
hammer content-view purge --id --count 0
foreman-rake katello:delete_orphaned_content

Try the sync again, and it finally worked.