[Pulp-list] goferd on consumers cannot connect to pulp server's queue after 2.7 -> 2.8 upgrade

Konstantin M. Khankin khankin.konstantin at gmail.com
Tue Apr 5 19:40:09 UTC 2016 

On pulp-server:

[root at nms pulp]# LANG=C ls -l
total 16
-rw-r-----. 1 root   apache 1021 *Mar 24* 23:47 ca.crt
-rw-r-----. 1 root   apache 1675 *Mar 24* 23:47 ca.key
drwxr-xr-x. 2 apache apache   33 Mar 15 08:32 content
-rw-r-----. 1 root   apache 1675 *Mar 24* 23:47 rsa.key
-rw-r--r--. 1 root   apache  451 *Mar 24* 23:47 rsa_pub.key

[root at nms pulp]# grep pulp /var/log/yum.log
Mar 24 23:45:53 Erased: pulp-puppet-plugins-2.7.1-1.el7.noarch
Mar 24 23:45:54 Erased: pulp-rpm-plugins-2.7.1-1.el7.noarch
Mar 24 23:46:13 Erased: pulp-server-2.7.1-1.el7.noarch
Mar 24 23:47:00 Updated: python-pulp-common-2.8.0-1.el7.noarch
Mar 24 23:47:01 Updated: python-pulp-repoauth-2.8.0-1.el7.noarch
Mar 24 23:47:03 Updated: python-pulp-rpm-common-2.8.0-1.el7.noarch
Mar 24 23:47:03 Updated: python-pulp-client-lib-2.8.0-1.el7.noarch
Mar 24 23:47:04 Updated: python-pulp-puppet-common-2.8.0-1.el7.noarch
Mar 24 23:47:04 Installed: python-pulp-docker-common-2.0.0-1.el7.noarch
Mar 24 23:47:05 Updated: python-pulp-bindings-2.8.0-1.el7.noarch
Mar 24 23:47:06 Updated: pulp-admin-client-2.8.0-1.el7.noarch
*Mar 24 23:47:14 Installed: pulp-server-2.8.0-1.el7.noarch*
Mar 24 23:47:15 Installed: pulp-docker-plugins-2.0.0-1.el7.noarch
Mar 24 23:47:16 Updated: pulp-rpm-admin-extensions-2.8.0-1.el7.noarch
Mar 24 23:47:17 Updated: pulp-puppet-admin-extensions-2.8.0-1.el7.noarch
Mar 24 23:47:18 Updated: python-pulp-oid_validation-2.8.0-1.el7.noarch
Mar 24 23:49:01 Updated: pulp-selinux-2.8.0-1.el7.noarch
Mar 25 00:01:40 Installed: pulp-rpm-plugins-2.8.0-1.el7.noarch
Mar 25 04:31:03 Обновлено: python-kombu.noarch 1:3.0.33-4.pulp.el7
Mar 25 04:31:13 Установлено: pulp-docker-admin-extensions.noarch 2.0.0-1.el7

On pulp-consumer key was not changed since pulp-consumer installation time
(June 2015)

I think the root cause for this is here ->
http://pulp.readthedocs.org/en/latest/user-guide/release-notes/2.8.x.html#upgrade-instructions-for-2-7-x-2-8-x.
Removing python-semantic-version package causes removal of pulp-server
package. Later on when I reinstalled server, certificates were updated as
well

Discussion thread is here ->
https://www.redhat.com/archives/pulp-list/2016-March/msg00078.html


2016-04-05 16:32 GMT+03:00 Jeff Ortel <jortel at redhat.com>:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
>
>
> On 04/04/2016 09:53 AM, Konstantin M. Khankin wrote:
> > Hi Jeff!
> >
> > [root at drone ~]# pulp-consumer -v history
> > +----------------------------------------------------------------------+
> Consumer History [drone]
> > +----------------------------------------------------------------------+
> >
> > 2016-04-04 19:46:18,164 - ERROR - Client-side exception occurred
> Traceback (most recent call last): File
> > "/usr/lib/python2.7/site-packages/pulp/client/extensions/core.py", line
> 474, in run exit_code =
> > Cli.run(self, args) File
> "/usr/lib/python2.7/site-packages/okaara/cli.py", line 974, in run
> exit_code =
> > command_or_section.execute(self.prompt, remaining_args) File
> > "/usr/lib/python2.7/site-packages/pulp/client/extensions/extensions.py",
> line 210, in execute return
> > self.method(*arg_list, **clean_kwargs) File
> > "/usr/lib/python2.7/site-packages/pulp/client/consumer/cli.py", line
> 367, in history
> > kwargs['start-date'], kwargs['end-date']).response_body File
> > "/usr/lib/python2.7/site-packages/pulp/bindings/consumer.py", line 199,
> in history return
> > self.server.GET(path, queries) File
> "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 92,
> > in GET return self._request('GET', path, queries,
> ignore_prefix=ignore_prefix) File
> > "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 152, in
> _request response_code,
> > response_body = self.server_wrapper.request(method, url, body) File
> > "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 349, in
> request raise
> > exceptions.ConnectionException(None, str(err), None)
> ConnectionException: (None, 'tlsv1 alert decrypt
> > error', None) An error occurred attempting to contact the server. More
> information may be found using the
> > -v flag.
> >
> > /etc/pulp/consumer/consumer.conf looks correct (correct server name and
> verify_ssl: False). Checked on a
> > server - httpd's configs pulp.conf and pulp.conf.rpmsave have no
> differences in SSL section.
> > .pulp/consumer.log does not contain any recent records
> >
> > I just think that maybe I need to re-register my consumers... But then
> again why could it have happened?
>
> I wonder if the /etc/pki/pulp/ca.* got updated somehow during the
> upgrade.  Can you check the date on those
> files?
>
> >
> > 2016-04-04 17:21 GMT+03:00 Jeff Ortel <jortel at redhat.com <mailto:
> jortel at redhat.com>>:
> >
> > Konstantin,
> >
> > The agent validates registration by making a REST API call to the server
> using the consumer certificate.
> > On the consumer, can you try running a pulp-consumer command?
> >
> > For example:
> >
> > $ pulp-consumer history
> >
> > Thanks,
> >
> > Jeff
> >
> > On 04/02/2016 04:51 PM, Konstantin M. Khankin wrote:
> >> Hello!
> >
> >> After 2.7->2.8 upgrade all consumers cannot talk to pulp server -
> goferd returns the next error on any
> >> operation: [WARNING][MainThread] pulp.agent.gofer.pulpplugin:107 -
> validate registration failed:
> >> (None, 'tlsv1 alert decrypt error', None)
> >
> >> I didn't change any keys or configs. Logs also do not help. What could
> went wrong?
> >
> >> Thanks!
> >
> >> -- Konstantin Khankin
> >
> >
> >> _______________________________________________ Pulp-list mailing list
> Pulp-list at redhat.com
> > <mailto:Pulp-list at redhat.com>
> >> https://www.redhat.com/mailman/listinfo/pulp-list
> >
> >
> >
> >
> >
> > -- Ханкин Константин
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQIcBAEBCAAGBQJXA75YAAoJEM9lW7UwFwZXOmEP/1u9qM6qS5waUjOZFPKwdRet
> ZGuqECMY2Eu/PSFB9TSfU/RHvIdUcJce73WhvIKdg8lZ576WmEJQCPLRH4ocFDo+
> 8jP22voFuEkxfg2pAfeRSNle354vn4l1XMD7vlqscD6Z8opnQSkWNowJ2jb1tWSI
> lY8zyAt/MbMAwsKI0NaAQhI4ORz99TjVpATEXGvFxsFZeYdHB3EW9o5iAgTl0mqo
> vSp8yaAiCROjWqCjfYpnBk9z8T0sPctCEOtu81fYLJOzYehl51PjwRF0lOt/LYTl
> bvQ2KfG1yThFz168eP7UROm63SLxv+B27K/QVIy5LfX9Zzcam6WudZ0rukWWGYur
> OMQrXIlZhxjbk6uA9QYwS359S9e5DREtZTVgX9ZTUZ+3EWlCsAIn7ei9LGwoVTwC
> uuQbdS0tcKYNLAHRlttGBPHeC2sQp90H3Pdl2LxyyANZ6mR7prBmVQxkWpb7ujSC
> FXuUgEXnQz5aRRaETEQEUicYBfnHXYeqVLvxLlyNw9lDFk/tOg/7FAunXZi1sqVL
> YfLaJICRvtihcTH3+CpLQ+S8sD4IG7Akg/v4aCUm4livOXoDN8jV0ysTzvNnBk5n
> rvKM0py6wKLGd6FIbjWmb1hXwGsLmuvEkuRJJbMQdIySEv9lLBFwxpSIUfZVO/ie
> IzggUNc0+mXTbLzMpBaj
> =Pfx5
> -----END PGP SIGNATURE-----
>



-- 
Ханкин Константин
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20160405/75ed9646/attachment.htm>

More information about the Pulp-list mailing list