RestClient::SSLCertificateNotVerified on Actions::Katello::Repository::CheckMatchingContent for Actions::Katello::ContentView::Publish

RazorTheBeaver · May 25, 2021, 1:58pm

Problem:
RestClient::SSLCertificateNotVerified

Foreman and Proxy plugin versions:

foreman-2.4.0-1.el7.noarch
foreman-cli-2.4.0-1.el7.noarch
foreman-debug-2.4.0-1.el7.noarch
foreman-dynflow-sidekiq-2.4.0-1.el7.noarch
foreman-installer-2.4.0-1.el7.noarch
foreman-installer-katello-2.4.0-1.el7.noarch
foreman-postgresql-2.4.0-1.el7.noarch
foreman-proxy-2.4.0-1.el7.noarch
foreman-release-2.4.0-1.el7.noarch
foreman-selinux-2.4.0-1.el7.noarch
foreman-service-2.4.0-1.el7.noarch
katello-4.0.0-1.el7.noarch
katello-certs-tools-2.7.3-1.el7.noarch
katello-client-bootstrap-1.7.6-1.el7.noarch
katello-common-4.0.0-1.el7.noarch
katello-debug-4.0.0-1.el7.noarch
katello-default-ca-1.0-1.noarch
katello-repos-4.0.0-1.el7.noarch
katello-selinux-4.0.0-1.el7.noarch
katello-server-ca-1.0-1.noarch

Distribution and version:
Red Hat Enterprise Linux Server release 7.9

Other relevant data:
I had published 5 content view version and the 6th the task got stuck with SSL Error.

There were no new certificat, no custom certificate,
Katello CA is Valid Not Before: May 11 12:05:27 2021 GMT and Not After : Jan 18 12:05:27 2038 GMT
content view is linked to a apt repository

I would like to be able to unlock this step.
Regards

RazorTheBeaver · June 4, 2021, 8:48am

OK,
I think it’s due to an unchage state of the repository.
I’m publishing a new version but nothing change inside the repo so I get the error above.
Regards,

Jonathon_Turel · June 4, 2021, 2:06pm

@RazorTheBeaver can you share any stack trace in /var/log/foreman/production.log or journalctl when you’re performing this action?

RazorTheBeaver · June 8, 2021, 10:55am

Hi @Jonathon_Turel,

This what I have from journactl and production.log: debug_view.log (34.1 KB)

My guess was I have this error when inside the repo nothing changed and i’m publishing an new view but i’m not 100% sure it’s the problem.

The think is, I have one repo (dep) which has fix packages and won’t get new packages and another repo (build_dev) which has packages regularly like two or three times per/day.
When I receive a new build deb packages, I publish a new view like that the packages can be upgrade on the machine.

Since I have added dep repository, I have pulp who got stuck on the “CheckMatchingContent”.
Finally I also got the same error when I published an new view when the build_dev didn’t get new packages.

Best regards,

sajha · June 8, 2021, 1:37pm

Did you do a pulp2-3 migration for the deb repos or is this a new box with katello 4.0?
I did open an issue here: Bug #32761: Deb repo calls pulp2 when checking published during matching content check - Katello - Foreman cause your logs seem to show the repo on pulp3 but check matching content checking for the repo on pulp2. That looks incorrect.

RazorTheBeaver · June 9, 2021, 12:48pm

Hi @sajha,
It’s a new box with katello 4.0.
On foreman interface, I have those information:

Backend System Status

pulp3

Installed Packages

pulp-client-1.0-1.noarch
pulpcore-selinux-1.2.4-1.el7.x86_64
python-pulp-manifest-2.21.0.5-1.el7sat.noarch
python3-pulp-certguard-1.1.0-1.el7.noarch
python3-pulp-container-2.2.1-1.el7.noarch
python3-pulp-deb-2.9.1-1.el7.noarch
python3-pulp-file-1.5.0-1.el7.noarch
python3-pulp-rpm-3.10.0-1.el7.noarch
python3-pulpcore-3.9.1-2.el7.noarch

RazorTheBeaver · August 23, 2021, 11:13am

Hi there,

Can I apply the fix without re-installing completely Foreman-Katello ?

Kind regards,

lfu · August 23, 2021, 12:08pm

Have you found the fix for your issue? What is it?
I would recommend a fresh new installation if you want to start it over again.

RazorTheBeaver · August 23, 2021, 12:15pm

Hi @lfu,

I guess the fix is Revision 366df38d - Fixes #32761 - Remove pulp2 call on deb repo content matching (#9396) - Katello - Foreman

Kr,

lfu · August 23, 2021, 12:22pm

You are right. Try apply the fix.
Good luck!

RazorTheBeaver · August 23, 2021, 12:53pm

Ok,
I’ve changed the script but it still raise SSLCertificateNotVerified.

There below you got the log.

ERROR-SSLCertificateNotVerified.log (13.0 KB)

Br,

lfu · August 23, 2021, 2:30pm

@sajha Could you please take a look at this when you get a chance? Thanks.

sajha · August 23, 2021, 3:00pm

I still see the various Runcible calls from the old code…The patch didn’t get through as far as I can tell…
Can you look at contents of the file katello/app/lib/actions/katello/repository/check_matching_content.rb and verify it’s calling target_repo_published instead of the old target_repo.published? on line 35?

RazorTheBeaver · August 23, 2021, 4:24pm

I think the line number doesn’t match what you are saying.

Anyway, this is what I have in check_matching_content.rb

RazorTheBeaver · August 23, 2021, 4:25pm

check_matching_content.log (3.3 KB)

sajha · August 23, 2021, 4:35pm

Could you restart your server once and try again?

RazorTheBeaver · August 24, 2021, 12:19pm

Thank you guys !
This is much better now.
Many thanks for your support, really appreciated.
Regards,