Error syncing puppet6 repository

Problem: Receiving errors when it attempts to sync puppet6 repo

Expected outcome: Sync to completion without error

Foreman and Proxy versions: 2.3.3

Foreman and Proxy plugin versions: Katello 3.18.1

Distribution and version: CentOS 7

Other relevant data:
Brand new install. Receiving this error when it syncs:
Package pdk-0:1.10.0.0-1.el7.x86_64 does not contain allowed checksum type, thus can’t be published. Checksum must be one of allowed types: [‘md5’, ‘sha1’, ‘sha224’, ‘sha256’, ‘sha384’, ‘sha512’].
You can adjust these with the ‘ALLOWED_CONTENT_CHECKSUMS’ setting.

I am new to this and had no issues adding in CentOS 7, EPEL7, and the foreman repos. Only had this problem with puppet6 yum repo and everything looks fine to me. If I look at the currently published Content View I can see that the puppet packages show up there. If I navigate to the published URL for that repo the only contents are a file “config.repo” and the “repodata/” folder.

1 Like

The same error happened when I synced with puppet7 repositories

Mar 23 21:56:32 foreman2 pulpcore-api: - - [24/Mar/2021:00:56:32 +0000] “POST /pulp/api/v3/publications/rpm/rpm/ HTTP/1.1” 202 67 “-” “OpenAPI-Generator/3.7.0/ruby”
Mar 23 21:56:32 foreman2 pulpcore-resource-manager: pulp: rq.worker:INFO: resource-manager: 1cbaec9e-62f8-42d7-915e-ed2ca0931a20
Mar 23 21:56:32 foreman2 pulpcore-worker-2: pulp: rq.worker:INFO: 1016@foreman2.home: 15ed49aa-3eb7-416e-95f3-8d8b602b7a07
Mar 23 21:56:32 foreman2 pulpcore-resource-manager: pulp: rq.worker:INFO: resource-manager: Job OK (1cbaec9e-62f8-42d7-915e-ed2ca0931a20)
Mar 23 21:56:32 foreman2 pulpcore-worker-2: pulp: pulp_rpm.app.tasks.publishing:INFO: Publishing: repository=Puppet-488347, version=2
Mar 23 21:56:32 foreman2 pulpcore-api: - - [24/Mar/2021:00:56:32 +0000] “GET /pulp/api/v3/tasks/15ed49aa-3eb7-416e-95f3-8d8b602b7a07/ HTTP/1.1” 200 534 “-” “OpenAPI-Generator/3.7.1/ruby”
Mar 23 21:56:34 foreman2 pulpcore-worker-2: pulp: rq.worker:ERROR: Traceback (most recent call last):
Mar 23 21:56:34 foreman2 pulpcore-worker-2: File “/usr/lib/python3.6/site-packages/rq/worker.py”, line 936, in perform_job
Mar 23 21:56:34 foreman2 pulpcore-worker-2: rv = job.perform()
Mar 23 21:56:34 foreman2 pulpcore-worker-2: File “/usr/lib/python3.6/site-packages/rq/job.py”, line 684, in perform
Mar 23 21:56:34 foreman2 pulpcore-worker-2: self._result = self._execute()
Mar 23 21:56:34 foreman2 pulpcore-worker-2: File “/usr/lib/python3.6/site-packages/rq/job.py”, line 690, in _execute
Mar 23 21:56:34 foreman2 pulpcore-worker-2: return self.func(*self.args, **self.kwargs)
Mar 23 21:56:34 foreman2 pulpcore-worker-2: File “/usr/lib/python3.6/site-packages/pulp_rpm/app/tasks/publishing.py”, line 319, in publish
Mar 23 21:56:34 foreman2 pulpcore-worker-2: metadata_signing_service=metadata_signing_service,
Mar 23 21:56:34 foreman2 pulpcore-worker-2: File “/usr/lib/python3.6/site-packages/pulp_rpm/app/tasks/publishing.py”, line 432, in create_repomd_xml
Mar 23 21:56:34 foreman2 pulpcore-worker-2: ca.content.rpm_package.nevra, ALLOWED_CHECKSUM_ERROR_MSG
Mar 23 21:56:34 foreman2 pulpcore-worker-2: ValueError: Package puppet-bolt-0:1.48.0-1.el7.x86_64 does not contain allowed checksum type, thus can’t be published. Checksum must be one of allowed types: [‘md5’, ‘sha1’, ‘sha224’, ‘sha256’, ‘sha384’, ‘sha512’].
Mar 23 21:56:34 foreman2 pulpcore-worker-2: You can adjust these with the ‘ALLOWED_CONTENT_CHECKSUMS’ setting.
Mar 23 21:56:34 foreman2 pulpcore-worker-2: Traceback (most recent call last):
Mar 23 21:56:34 foreman2 pulpcore-worker-2: File “/usr/lib/python3.6/site-packages/rq/worker.py”, line 936, in perform_job
Mar 23 21:56:34 foreman2 pulpcore-worker-2: rv = job.perform()
Mar 23 21:56:34 foreman2 pulpcore-worker-2: File “/usr/lib/python3.6/site-packages/rq/job.py”, line 684, in perform
Mar 23 21:56:34 foreman2 pulpcore-worker-2: self._result = self._execute()
Mar 23 21:56:34 foreman2 pulpcore-worker-2: File “/usr/lib/python3.6/site-packages/rq/job.py”, line 690, in _execute
Mar 23 21:56:34 foreman2 pulpcore-worker-2: return self.func(*self.args, **self.kwargs)
Mar 23 21:56:34 foreman2 pulpcore-worker-2: File “/usr/lib/python3.6/site-packages/pulp_rpm/app/tasks/publishing.py”, line 319, in publish
Mar 23 21:56:34 foreman2 pulpcore-worker-2: metadata_signing_service=metadata_signing_service,
Mar 23 21:56:34 foreman2 pulpcore-worker-2: File “/usr/lib/python3.6/site-packages/pulp_rpm/app/tasks/publishing.py”, line 432, in create_repomd_xml
Mar 23 21:56:34 foreman2 pulpcore-worker-2: ca.content.rpm_package.nevra, ALLOWED_CHECKSUM_ERROR_MSG

I’m facing the same trouble here
My diagnostic is that according to https://yum.puppetlabs.com/puppet6/el/7/x86_64/repodata/repomd.xml the checksums type for puppet repositories is “sha” which is not an ‘ALLOWED_CONTENT_CHECKSUMS’
Is there someone to tell us how to modify this setting without break pulp ?

@Pulp : Does this seem like a repo signing issue or something that needs to be handled by pulp?

From what I was able to find, it’s defined in the following files:

[root@deploy ~]# grep -rl ALLOWED_CONTENT_CHECKSUMS /usr/lib/python3.6/site-packages/  | grep -v pyc
/usr/lib/python3.6/site-packages/pulpcore/app/models/content.py
/usr/lib/python3.6/site-packages/pulpcore/app/settings.py
/usr/lib/python3.6/site-packages/pulpcore/tests/functional/api/test_crd_artifacts.py
/usr/lib/python3.6/site-packages/pulp_2to3_migration/app/settings.py
/usr/lib/python3.6/site-packages/pulp_rpm/app/serializers/repository.py
/usr/lib/python3.6/site-packages/pulp_rpm/app/tasks/publishing.py
/usr/lib/python3.6/site-packages/pulp_rpm/app/constants.py
/usr/lib/python3.6/site-packages/pulp_rpm/tests/functional/api/test_publish.py

However, I tried editing a few of the files in which the array with the different checksums is defined, but I could not make Pulp process the puppet6 repo…

This appears to be a Pulp 3 bug. Perhaps you should report it @ Overview - Pulp.

You should not edit the sources for this. ALLOWED_CONTENT_CHECKSUMS is a setting and belongs in /etc/pulp/settings.py if you want to override this. Note that the installer will remove it again, but it can be a good workaround while we fix the code.

I m facing the same error, but for one of private repository. Is this connected that in repodate there is

<open-checksum type="sha" pkgid="YES">2a5e202f59a6679500efab3192db92b066136bb9</open-checksum>
<open-size>5194</open-size>

<revision/>

and

open-checksum type=“sha”

should be changed with sha256 ?

I think sha is an alias of sha1 and would expect Pulp to handle it. Hence why I think it’s an application bug.

@jost yours appears to be a 160-bit checksum, i.e. SHA-1.

Adding an ALLOWED_CONTENT_CHECKSUMS that includes sha didn’t work for me unfortunately – I end up with

There was an issue with the backend service pulp3: 502 Bad Gateway

because pulpcore-resource-manager.service failed to start from

django.core.exceptions.ImproperlyConfigured: ALLOWED_CONTENT_CHECKSUMS may only contain algorithms known to pulp - see constants.ALL_KNOWN_CONTENT_CHECKSUMS for the allowed list. Unknown algorithms provided: {‘sha’}

I have yet to investigate how difficult the patch would be.