Univention Bugzilla – Bug 39325
appcenter does not handle CONNECT_ERROR
Last modified: 2018-07-31 15:35:53 CEST
4.0-3 errata313 (Walle) Die Ausführung des Kommandos appcenter/query ist fehlgeschlagen: Traceback (most recent call last): File "%PY2.7%/univention/management/console/base.py", line 282, in execute function(self, request) File "%PY2.7%/univention/management/console/modules/appcenter/__init__.py", line 81, in _decorated return func(self, request, *a, **kwargs) File "%PY2.7%/univention/management/console/modules/decorators.py", line 316, in _response result = _multi_response(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 460, in _response return list(function(self, iterator, *nones)) File "%PY2.7%/univention/management/console/modules/decorators.py", line 282, in _fake_func yield function(self, *args) File "%PY2.7%/univention/management/console/modules/appcenter/__init__.py", line 130, in query props = application.to_dict(self.package_manager, domainwide_managed, hosts) File "%PY2.7%/univention/management/console/modules/appcenter/decorators.py", line 56, in wrapper return func(*args, **kwargs) File "%PY2.7%/univention/management/console/modules/appcenter/app_center.py", line 943, in to_dict ldap_object = self.get_ldap_object() File "%PY2.7%/univention/management/console/modules/appcenter/decorators.py", line 97, in _decorated conn = connection() File "%PY2.7%/univention/management/console/modules/appcenter/decorators.py", line 74, in connection return _getMachineConnection(**kwargs) File "%PY2.7%/univention/admin/uldap.py", line 75, in getMachineConnection lo=univention.uldap.getMachineConnection(start_tls, decode_ignorelist=decode_ignorelist, ldap_master=ldap_master) File "%PY2.7%/univention/uldap.py", line 101, in getMachineConnection lo=access(host=ucr['ldap/master'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect) File "%PY2.7%/univention/uldap.py", line 177, in __init__ self.__open(ca_certfile) File "%PY2.7%/univention/uldap.py", line 215, in __open self.lo.start_tls_s() File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 884, in start_tls_s res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s return func(self,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 571, in start_tls_s return self._ldap_call(self._l.start_tls_s) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call result = func(*args,**kwargs) CONNECT_ERROR: {'info': 'error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate in certificate chain)', 'desc': 'Connect error'} Remark: letzte Tätigkeit: - Ändern des root cert auf 1. Cluster Knoten - Neustart des 1. Cluster Knoten - Neustart 2. Cluster Knoten - Aufrufen des APP-Centers
Reported again, 4.0-3 errata320 (Walle)
Reported again, 4.1-0 errata0 (Vahr)
Reported again, 4.1-1 errata140 (Vahr)
Reported again, 4.1-2 errata204 (Vahr) Die Ausführung des Kommandos appcenter/query ist fehlgeschlagen: Traceback (most recent call last): File "%PY2.7%/univention/management/console/base.py", line 283, in execute function(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 318, in _response result = _multi_response(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 462, in _response return list(function(self, iterator, *nones)) File "%PY2.7%/univention/management/console/modules/decorators.py", line 284, in _fake_func yield function(self, *args) File "%PY2.7%/univention/management/console/modules/appcenter/__init__.py", line 191, in query return domain.to_dict(apps) File "%PY2.7%/univention/appcenter/actions/domain.py", line 94, in to_dict lo, pos = self._get_ldap_connection(args=None, allow_machine_connection=True) File "%PY2.7%/univention/appcenter/actions/credentials.py", line 167, in _get_ldap_connection return self._get_admin_connection() File "%PY2.7%/univention/appcenter/actions/credentials.py", line 155, in _get_admin_connection return get_admin_connection() File "%PY2.7%/univention/appcenter/udm.py", line 118, in get_admin_connection return getAdminConnection() File "%PY2.7%/univention/admin/uldap.py", line 70, in getAdminConnection lo=univention.uldap.getAdminConnection(start_tls, decode_ignorelist=decode_ignorelist) File "%PY2.7%/univention/uldap.py", line 68, in getAdminConnection lo = access(host=ucr['ldap/master'], port=port, base=ucr['ldap/base'], binddn='cn=admin,' + ucr['ldap/base'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect) File "%PY2.7%/univention/uldap.py", line 178, in __init__ self.__open(ca_certfile) File "%PY2.7%/univention/uldap.py", line 216, in __open self.lo.start_tls_s() File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 884, in start_tls_s res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s return func(self,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 571, in start_tls_s return self._ldap_call(self._l.start_tls_s) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call result = func(*args,**kwargs) CONNECT_ERROR: {'info': 'error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (certificate is not yet valid)', 'desc': 'Connect error'}
Reported again, 4.1-2 errata206 (Vahr) CONNECT_ERROR: {'info': 'error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate in certificate chain)', 'desc': 'Connect error'}
Reported again, 4.1-2 errata209 (Vahr) Die Ausführung des Kommandos appcenter/get ist fehlgeschlagen: Traceback (most recent call last): File "%PY2.7%/univention/management/console/base.py", line 283, in execute function(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 190, in _response return function(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 318, in _response result = _multi_response(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 462, in _response return list(function(self, iterator, *nones)) File "%PY2.7%/univention/management/console/modules/decorators.py", line 284, in _fake_func yield function(self, *args) File "%PY2.7%/univention/management/console/modules/appcenter/__init__.py", line 248, in get return domain.to_dict([app])[0] File "%PY2.7%/univention/appcenter/actions/domain.py", line 94, in to_dict lo, pos = self._get_ldap_connection(args=None, allow_machine_connection=True) File "%PY2.7%/univention/appcenter/actions/credentials.py", line 167, in _get_ldap_connection return self._get_admin_connection() File "%PY2.7%/univention/appcenter/actions/credentials.py", line 155, in _get_admin_connection return get_admin_connection() File "%PY2.7%/univention/appcenter/udm.py", line 118, in get_admin_connection return getAdminConnection() File "%PY2.7%/univention/admin/uldap.py", line 73, in getAdminConnection lo = univention.uldap.getAdminConnection(start_tls, decode_ignorelist=decode_ignorelist) File "%PY2.7%/univention/uldap.py", line 58, in getAdminConnection return access(host=ucr['ldap/master'], port=port, base=ucr['ldap/base'], binddn='cn=admin,' + ucr['ldap/base'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect) File "%PY2.7%/univention/uldap.py", line 150, in __init__ self.__open(ca_certfile) File "%PY2.7%/univention/uldap.py", line 185, in __open self.lo.start_tls_s() File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 884, in start_tls_s res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s return func(self,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 571, in start_tls_s return self._ldap_call(self._l.start_tls_s) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call result = func(*args,**kwargs) CONNECT_ERROR: {'desc': 'Connect error'}
Reported again, 4.1-3 errata282 (Vahr)
Reported again, 4.1-4 errata350 (Vahr) CONNECT_ERROR: {'info': 'error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get local issuer certificate)', 'desc': 'Connect error'}
This happens also during initial system setup: Version: 4.1-3 errata278 (Vahr) Remark: as Traceback(9c942fe2a4b44ab2e464a58c868aa359): Execution of command 'setup/apps/query wizard' has failed: Traceback (most recent call last): File "%PY2.7%/univention/management/console/base.py", line 283, in execute function(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 318, in _response result = _multi_response(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 462, in _response return list(function(self, iterator, *nones)) File "%PY2.7%/univention/management/console/modules/decorators.py", line 284, in _fake_func yield function(self, *args) File "%PY2.7%/univention/management/console/modules/setup/__init__.py", line 749, in apps_query return util.get_apps(True) File "%PY2.7%/univention/management/console/modules/setup/util.py", line 761, in get_apps _apps = [iapp.to_dict(package_manager) for iapp in applications if iapp.get('withoutrepository')] File "%PY2.7%/univention/management/console/modules/decorators.py", line 648, in wrapper return func(*args, **kwargs) File "%PY2.7%/univention/management/console/modules/appcenter/app_center.py", line 993, in to_dict domainwide_managed = self.domainwide_managed(hosts) File "%PY2.7%/univention/management/console/modules/appcenter/app_center.py", line 983, in domainwide_managed hosts = get_all_hosts() File "%PY2.7%/univention/management/console/modules/appcenter/util.py", line 119, in get_all_hosts get_hosts(domaincontroller_slave, lo, ucr) + \ File "%PY2.7%/univention/management/console/modules/appcenter/util.py", line 84, in get_hosts _hosts = module.lookup(None, lo, None) File "%PY2.7%/univention/admin/handlers/computers/domaincontroller_master.py", line 699, in lookup for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit): File "%PY2.7%/univention/uldap.py", line 284, in search res = self.lo.search_ext_s(base, ldap_scope, filter, attr, serverctrls=serverctrls, clientctrls=None, timeout=timeout, sizelimit=sizelimit) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 918, in search_ext_s return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 865, in _apply_method_s self.reconnect(self._uri,retry_max=self._retry_max,retry_delay=self._retry_delay) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 829, in reconnect SimpleLDAPObject.start_tls_s(self) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 571, in start_tls_s return self._ldap_call(self._l.start_tls_s) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call result = func(*args,**kwargs) CONNECT_ERROR: {'info': 'error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate in certificate chain)', 'desc': 'Connect error'}
Version: 4.1-4 errata408 (Vahr)
Version: 4.1-4 errata407 (Vahr) CONNECT_ERROR: {'info': 'TLS: hostname does not match CN in peer certificate', 'desc': 'Connect error'}
*** This bug has been marked as a duplicate of bug 39963 ***
Reported again, 4.2-0 errata0 (Lesum)
Reported again, Version: 4.2-1 errata85 (Lesum) The version should already be fixed. Is something in the error handling of the AppCenter module broken? Execution of command 'apps/get' has failed: Traceback (most recent call last): File "%PY2.7%/univention/management/console/base.py", line 249, in execute function.__func__(self, request, *args, **kwargs) File "%PY2.7%/univention/management/console/modules/decorators.py", line 318, in _response result = _multi_response(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 192, in _response return function(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 440, in _response return list(function(self, iterator, *nones)) File "%PY2.7%/univention/management/console/modules/decorators.py", line 286, in _fake_func yield function(self, *args) File "%PY2.7%/univention/management/console/modules/apps/__init__.py", line 64, in get return domain.to_dict([app])[0] File "%PY2.7%/univention/appcenter/actions/domain.py", line 97, in to_dict lo, pos = self._get_ldap_connection(args=None, allow_machine_connection=True) File "%PY2.7%/univention/appcenter/actions/credentials.py", line 177, in _get_ldap_connection return self._get_machine_connection() File "%PY2.7%/univention/appcenter/actions/credentials.py", line 146, in _get_machine_connection return get_machine_connection() File "%PY2.7%/univention/appcenter/udm.py", line 138, in get_machine_connection return getMachineConnection() File "%PY2.7%/univention/admin/uldap.py", line 148, in getMachineConnection lo = univention.uldap.getMachineConnection(start_tls, decode_ignorelist=decode_ignorelist, ldap_master=ldap_master) File "%PY2.7%/univention/uldap.py", line 86, in getMachineConnection return access(host=ucr['ldap/master'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect) File "%PY2.7%/univention/uldap.py", line 152, in __init__ self.__open(ca_certfile) File "%PY2.7%/univention/uldap.py", line 202, in __open self.lo.start_tls_s() File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 884, in start_tls_s res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s return func(self,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 571, in start_tls_s return self._ldap_call(self._l.start_tls_s) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call result = func(*args,**kwargs) CONNECT_ERROR: {'info': 'error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate in certificate chain)', 'desc': 'Connect error'} Role: memberserver
Reported again, 4.1-4 errata447 (Vahr)
Hmm, also reported with: Version: 4.2-2 errata189 (Lesum) #2017093021000151 Die Ausführung des Kommandos appcenter/get ist fehlgeschlagen: Traceback (most recent call last): File "%PY2.7%/univention/management/console/base.py", line 249, in execute function.__func__(self, request, *args, **kwargs) File "%PY2.7%/univention/management/console/modules/decorators.py", line 192, in _response return function(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 318, in _response result = _multi_response(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 192, in _response return function(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 440, in _response return list(function(self, iterator, *nones)) File "%PY2.7%/univention/management/console/modules/decorators.py", line 286, in _fake_func yield function(self, *args) File "%PY2.7%/univention/management/console/modules/appcenter/__init__.py", line 281, in get return domain.to_dict([app])[0] File "%PY2.7%/univention/appcenter/actions/domain.py", line 97, in to_dict lo, pos = self._get_ldap_connection(args=None, allow_machine_connection=True) File "%PY2.7%/univention/appcenter/actions/credentials.py", line 154, in _get_ldap_connection return self._get_machine_connection() File "%PY2.7%/univention/appcenter/actions/credentials.py", line 123, in _get_machine_connection return get_machine_connection() File "%PY2.7%/univention/appcenter/udm.py", line 138, in get_machine_connection return getMachineConnection() File "%PY2.7%/univention/admin/uldap.py", line 143, in getMachineConnection lo = univention.uldap.getMachineConnection(start_tls, decode_ignorelist=decode_ignorelist, ldap_master=ldap_master) File "%PY2.7%/univention/uldap.py", line 86, in getMachineConnection return access(host=ucr['ldap/master'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect) File "%PY2.7%/univention/uldap.py", line 152, in __init__ self.__open(ca_certfile) File "%PY2.7%/univention/uldap.py", line 202, in __open self.lo.start_tls_s() File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 884, in start_tls_s res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s return func(self,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 571, in start_tls_s return self._ldap_call(self._l.start_tls_s) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call result = func(*args,**kwargs) CONNECT_ERROR: {'info': 'error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate in certificate chain)', 'desc': 'Connect error'}
Fixed in univention-appcenter 6.0.10-17A~4.2.0.201710191114
OK
What is now happening? How was the fix implemented?
(In reply to Florian Best from comment #19) > What is now happening? How was the fix implemented? UMC shows an error box with An error occurred Internal server error. Server error message: LDAP connection refused. There may be an issue with the certificate of the LDAP server. Please also check the proxy and firewall settings, if any. (No further details) and cmdline looks like -> univention-app install owncloud Going to install ownCloud (10.0.1-20170523) Executing interface update_available for owncloud No interface defined LDAP-Verbindung wurde verweigert. Das kann an einem Problem mit dem Zertifikat des LDAP-Servers liegen. Bitte prüfen Sie auch die Proxy- und Firewall-Einstellungen, sofern vorhanden. (No further details) So just an error message instead of the traceback
<http://errata.software-univention.de/ucs/4.2/204.html>
Reported again: Version: 4.2-1 errata197 (Lesum)