Bug 39325 - appcenter does not handle CONNECT_ERROR
appcenter does not handle CONNECT_ERROR
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - App-Center
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.2-2-errata
Assigned To: Dirk Wiesenthal
Felix Botner
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-09-10 09:58 CEST by Florian Best
Modified: 2017-10-25 14:49 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 6: Setup Problem: Issue for the setup process
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.206
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Ticket number: 2017093021000124, 2017093021000151, 2016101121000418, 2016120121001147, 2016120121001138, 2016122021000433, 2017032721000598, 2017032221000025, 2017062821000287, 2017070921000203, 2017081621000886
Bug group (optional): Error handling, External feedback
Max CVSS v3 score:
best: Patch_Available+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Best univentionstaff 2015-09-10 09:58:56 CEST
4.0-3 errata313 (Walle)

Die Ausführung des Kommandos appcenter/query ist fehlgeschlagen:

Traceback (most recent call last):
  File "%PY2.7%/univention/management/console/base.py", line 282, in execute
    function(self, request)
  File "%PY2.7%/univention/management/console/modules/appcenter/__init__.py", line 81, in _decorated
    return func(self, request, *a, **kwargs)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 316, in _response
    result = _multi_response(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 460, in _response
    return list(function(self, iterator, *nones))
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 282, in _fake_func
    yield function(self, *args)
  File "%PY2.7%/univention/management/console/modules/appcenter/__init__.py", line 130, in query
    props = application.to_dict(self.package_manager, domainwide_managed, hosts)
  File "%PY2.7%/univention/management/console/modules/appcenter/decorators.py", line 56, in wrapper
    return func(*args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/appcenter/app_center.py", line 943, in to_dict
    ldap_object = self.get_ldap_object()
  File "%PY2.7%/univention/management/console/modules/appcenter/decorators.py", line 97, in _decorated
    conn = connection()
  File "%PY2.7%/univention/management/console/modules/appcenter/decorators.py", line 74, in connection
    return _getMachineConnection(**kwargs)
  File "%PY2.7%/univention/admin/uldap.py", line 75, in getMachineConnection
    lo=univention.uldap.getMachineConnection(start_tls, decode_ignorelist=decode_ignorelist, ldap_master=ldap_master)
  File "%PY2.7%/univention/uldap.py", line 101, in getMachineConnection
    lo=access(host=ucr['ldap/master'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
  File "%PY2.7%/univention/uldap.py", line 177, in __init__
    self.__open(ca_certfile)
  File "%PY2.7%/univention/uldap.py", line 215, in __open
    self.lo.start_tls_s()
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 884, in start_tls_s
    res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 571, in start_tls_s
    return self._ldap_call(self._l.start_tls_s)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
CONNECT_ERROR: {'info': 'error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate in certificate chain)', 'desc': 'Connect error'}


Remark:
letzte Tätigkeit:
- Ändern des root cert auf 1. Cluster Knoten
- Neustart des 1. Cluster Knoten
- Neustart 2. Cluster Knoten
- Aufrufen des APP-Centers
Comment 1 Florian Best univentionstaff 2015-09-28 09:50:18 CEST
Reported again, 4.0-3 errata320 (Walle)
Comment 2 Florian Best univentionstaff 2015-11-18 10:16:40 CET
Reported again, 4.1-0 errata0 (Vahr)
Comment 3 Florian Best univentionstaff 2016-04-11 12:26:18 CEST
Reported again, 4.1-1 errata140 (Vahr)
Comment 4 Florian Best univentionstaff 2016-07-04 15:11:50 CEST
Reported again, 4.1-2 errata204 (Vahr)

Die Ausführung des Kommandos appcenter/query ist fehlgeschlagen:

Traceback (most recent call last):
  File "%PY2.7%/univention/management/console/base.py", line 283, in execute
    function(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 318, in _response
    result = _multi_response(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 462, in _response
    return list(function(self, iterator, *nones))
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 284, in _fake_func
    yield function(self, *args)
  File "%PY2.7%/univention/management/console/modules/appcenter/__init__.py", line 191, in query
    return domain.to_dict(apps)
  File "%PY2.7%/univention/appcenter/actions/domain.py", line 94, in to_dict
    lo, pos = self._get_ldap_connection(args=None, allow_machine_connection=True)
  File "%PY2.7%/univention/appcenter/actions/credentials.py", line 167, in _get_ldap_connection
    return self._get_admin_connection()
  File "%PY2.7%/univention/appcenter/actions/credentials.py", line 155, in _get_admin_connection
    return get_admin_connection()
  File "%PY2.7%/univention/appcenter/udm.py", line 118, in get_admin_connection
    return getAdminConnection()
  File "%PY2.7%/univention/admin/uldap.py", line 70, in getAdminConnection
    lo=univention.uldap.getAdminConnection(start_tls, decode_ignorelist=decode_ignorelist)
  File "%PY2.7%/univention/uldap.py", line 68, in getAdminConnection
    lo = access(host=ucr['ldap/master'], port=port, base=ucr['ldap/base'], binddn='cn=admin,' + ucr['ldap/base'], bindpw=bindpw, start_tls=start_tls,
decode_ignorelist=decode_ignorelist, reconnect=reconnect)
  File "%PY2.7%/univention/uldap.py", line 178, in __init__
    self.__open(ca_certfile)
  File "%PY2.7%/univention/uldap.py", line 216, in __open
    self.lo.start_tls_s()
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 884, in start_tls_s
    res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 571, in start_tls_s
    return self._ldap_call(self._l.start_tls_s)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
CONNECT_ERROR: {'info': 'error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (certificate is not yet valid)', 'desc': 'Connect error'}
Comment 5 Florian Best univentionstaff 2016-07-15 11:53:03 CEST
Reported again, 4.1-2 errata206 (Vahr)

CONNECT_ERROR: {'info': 'error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate in certificate chain)', 'desc': 'Connect error'}
Comment 6 Florian Best univentionstaff 2016-07-15 12:11:14 CEST
Reported again, 4.1-2 errata209 (Vahr)

Die Ausführung des Kommandos appcenter/get ist fehlgeschlagen:

Traceback (most recent call last):
  File "%PY2.7%/univention/management/console/base.py", line 283, in execute
    function(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 190, in _response
    return function(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 318, in _response
    result = _multi_response(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 462, in _response
    return list(function(self, iterator, *nones))
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 284, in _fake_func
    yield function(self, *args)
  File "%PY2.7%/univention/management/console/modules/appcenter/__init__.py", line 248, in get
    return domain.to_dict([app])[0]
  File "%PY2.7%/univention/appcenter/actions/domain.py", line 94, in to_dict
    lo, pos = self._get_ldap_connection(args=None, allow_machine_connection=True)
  File "%PY2.7%/univention/appcenter/actions/credentials.py", line 167, in _get_ldap_connection
    return self._get_admin_connection()
  File "%PY2.7%/univention/appcenter/actions/credentials.py", line 155, in _get_admin_connection
    return get_admin_connection()
  File "%PY2.7%/univention/appcenter/udm.py", line 118, in get_admin_connection
    return getAdminConnection()
  File "%PY2.7%/univention/admin/uldap.py", line 73, in getAdminConnection
    lo = univention.uldap.getAdminConnection(start_tls, decode_ignorelist=decode_ignorelist)
  File "%PY2.7%/univention/uldap.py", line 58, in getAdminConnection
    return access(host=ucr['ldap/master'], port=port, base=ucr['ldap/base'], binddn='cn=admin,' + ucr['ldap/base'], bindpw=bindpw, start_tls=start_tls,
decode_ignorelist=decode_ignorelist, reconnect=reconnect)
  File "%PY2.7%/univention/uldap.py", line 150, in __init__
    self.__open(ca_certfile)
  File "%PY2.7%/univention/uldap.py", line 185, in __open
    self.lo.start_tls_s()
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 884, in start_tls_s
    res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 571, in start_tls_s
    return self._ldap_call(self._l.start_tls_s)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
CONNECT_ERROR: {'desc': 'Connect error'}
Comment 7 Florian Best univentionstaff 2016-10-13 11:28:54 CEST
Reported again, 4.1-3 errata282 (Vahr)
Comment 8 Florian Best univentionstaff 2016-12-09 17:24:29 CET
Reported again, 4.1-4 errata350 (Vahr)

CONNECT_ERROR: {'info': 'error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get local issuer certificate)', 'desc': 'Connect error'}
Comment 9 Florian Best univentionstaff 2016-12-20 16:22:57 CET
This happens also during initial system setup:

Version: 4.1-3 errata278 (Vahr)

Remark: as

Traceback(9c942fe2a4b44ab2e464a58c868aa359):
Execution of command 'setup/apps/query wizard' has failed:

Traceback (most recent call last):
  File "%PY2.7%/univention/management/console/base.py", line 283, in execute
    function(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 318, in _response
    result = _multi_response(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 462, in _response
    return list(function(self, iterator, *nones))
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 284, in _fake_func
    yield function(self, *args)
  File "%PY2.7%/univention/management/console/modules/setup/__init__.py", line 749, in apps_query
    return util.get_apps(True)
  File "%PY2.7%/univention/management/console/modules/setup/util.py", line 761, in get_apps
    _apps = [iapp.to_dict(package_manager) for iapp in applications if iapp.get('withoutrepository')]
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 648, in wrapper
    return func(*args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/appcenter/app_center.py", line 993, in to_dict
    domainwide_managed = self.domainwide_managed(hosts)
  File "%PY2.7%/univention/management/console/modules/appcenter/app_center.py", line 983, in domainwide_managed
    hosts = get_all_hosts()
  File "%PY2.7%/univention/management/console/modules/appcenter/util.py", line 119, in get_all_hosts
    get_hosts(domaincontroller_slave, lo, ucr) + \
  File "%PY2.7%/univention/management/console/modules/appcenter/util.py", line 84, in get_hosts
    _hosts = module.lookup(None, lo, None)
  File "%PY2.7%/univention/admin/handlers/computers/domaincontroller_master.py", line 699, in lookup
    for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit):
  File "%PY2.7%/univention/uldap.py", line 284, in search
    res = self.lo.search_ext_s(base, ldap_scope, filter, attr, serverctrls=serverctrls, clientctrls=None, timeout=timeout, sizelimit=sizelimit)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 918, in search_ext_s
    return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 865, in _apply_method_s
    self.reconnect(self._uri,retry_max=self._retry_max,retry_delay=self._retry_delay)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 829, in reconnect
    SimpleLDAPObject.start_tls_s(self)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 571, in start_tls_s
    return self._ldap_call(self._l.start_tls_s)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
CONNECT_ERROR: {'info': 'error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate in certificate chain)', 'desc': 'Connect error'}
Comment 10 Florian Best univentionstaff 2017-04-18 12:41:15 CEST
Version: 4.1-4 errata408 (Vahr)
Comment 11 Florian Best univentionstaff 2017-04-21 15:31:57 CEST
Version: 4.1-4 errata407 (Vahr)
CONNECT_ERROR: {'info': 'TLS: hostname does not match CN in peer certificate', 'desc': 'Connect error'}
Comment 12 Florian Best univentionstaff 2017-06-20 12:43:29 CEST

*** This bug has been marked as a duplicate of bug 39963 ***
Comment 13 Florian Best univentionstaff 2017-06-28 11:35:07 CEST
Reported again, 4.2-0 errata0 (Lesum)
Comment 14 Florian Best univentionstaff 2017-07-14 13:57:53 CEST
Reported again,
Version: 4.2-1 errata85 (Lesum)

The version should already be fixed. Is something in the error handling of the AppCenter module broken?

Execution of command 'apps/get' has failed:

Traceback (most recent call last):
  File "%PY2.7%/univention/management/console/base.py", line 249, in execute
    function.__func__(self, request, *args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 318, in _response
    result = _multi_response(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 192, in _response
    return function(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 440, in _response
    return list(function(self, iterator, *nones))
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 286, in _fake_func
    yield function(self, *args)
  File "%PY2.7%/univention/management/console/modules/apps/__init__.py", line 64, in get
    return domain.to_dict([app])[0]
  File "%PY2.7%/univention/appcenter/actions/domain.py", line 97, in to_dict
    lo, pos = self._get_ldap_connection(args=None, allow_machine_connection=True)
  File "%PY2.7%/univention/appcenter/actions/credentials.py", line 177, in _get_ldap_connection
    return self._get_machine_connection()
  File "%PY2.7%/univention/appcenter/actions/credentials.py", line 146, in _get_machine_connection
    return get_machine_connection()
  File "%PY2.7%/univention/appcenter/udm.py", line 138, in get_machine_connection
    return getMachineConnection()
  File "%PY2.7%/univention/admin/uldap.py", line 148, in getMachineConnection
    lo = univention.uldap.getMachineConnection(start_tls, decode_ignorelist=decode_ignorelist, ldap_master=ldap_master)
  File "%PY2.7%/univention/uldap.py", line 86, in getMachineConnection
    return access(host=ucr['ldap/master'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist,
reconnect=reconnect)
  File "%PY2.7%/univention/uldap.py", line 152, in __init__
    self.__open(ca_certfile)
  File "%PY2.7%/univention/uldap.py", line 202, in __open
    self.lo.start_tls_s()
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 884, in start_tls_s
    res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 571, in start_tls_s
    return self._ldap_call(self._l.start_tls_s)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
CONNECT_ERROR: {'info': 'error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate in certificate chain)', 'desc': 'Connect error'}

Role: memberserver
Comment 15 Florian Best univentionstaff 2017-08-21 11:02:34 CEST
Reported again, 4.1-4 errata447 (Vahr)
Comment 16 Florian Best univentionstaff 2017-10-12 20:38:48 CEST
Hmm, also reported with: Version: 4.2-2 errata189 (Lesum)
#2017093021000151
Die Ausführung des Kommandos appcenter/get ist fehlgeschlagen:

Traceback (most recent call last):
  File "%PY2.7%/univention/management/console/base.py", line 249, in execute
    function.__func__(self, request, *args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 192, in _response
    return function(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 318, in _response
    result = _multi_response(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 192, in _response
    return function(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 440, in _response
    return list(function(self, iterator, *nones))
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 286, in _fake_func
    yield function(self, *args)
  File "%PY2.7%/univention/management/console/modules/appcenter/__init__.py", line 281, in get
    return domain.to_dict([app])[0]
  File "%PY2.7%/univention/appcenter/actions/domain.py", line 97, in to_dict
    lo, pos = self._get_ldap_connection(args=None, allow_machine_connection=True)
  File "%PY2.7%/univention/appcenter/actions/credentials.py", line 154, in _get_ldap_connection
    return self._get_machine_connection()
  File "%PY2.7%/univention/appcenter/actions/credentials.py", line 123, in _get_machine_connection
    return get_machine_connection()
  File "%PY2.7%/univention/appcenter/udm.py", line 138, in get_machine_connection
    return getMachineConnection()
  File "%PY2.7%/univention/admin/uldap.py", line 143, in getMachineConnection
    lo = univention.uldap.getMachineConnection(start_tls, decode_ignorelist=decode_ignorelist, ldap_master=ldap_master)
  File "%PY2.7%/univention/uldap.py", line 86, in getMachineConnection
    return access(host=ucr['ldap/master'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist,
reconnect=reconnect)
  File "%PY2.7%/univention/uldap.py", line 152, in __init__
    self.__open(ca_certfile)
  File "%PY2.7%/univention/uldap.py", line 202, in __open
    self.lo.start_tls_s()
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 884, in start_tls_s
    res = self._apply_method_s(SimpleLDAPObject.start_tls_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 571, in start_tls_s
    return self._ldap_call(self._l.start_tls_s)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
CONNECT_ERROR: {'info': 'error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate in certificate chain)', 'desc': 'Connect error'}
Comment 17 Dirk Wiesenthal univentionstaff 2017-10-19 12:35:53 CEST
Fixed in
  univention-appcenter 6.0.10-17A~4.2.0.201710191114
Comment 18 Felix Botner univentionstaff 2017-10-24 15:01:11 CEST
OK
Comment 19 Florian Best univentionstaff 2017-10-24 15:07:11 CEST
What is now happening? How was the fix implemented?
Comment 20 Felix Botner univentionstaff 2017-10-24 16:29:15 CEST
(In reply to Florian Best from comment #19)
> What is now happening? How was the fix implemented?

UMC shows an error box with

An error occurred
Internal server error.

Server error message:

LDAP connection refused. There may be an issue with the certificate of the LDAP server. Please also check the proxy and firewall settings, if any. (No further details)

and cmdline looks like 

-> univention-app install owncloud
Going to install ownCloud (10.0.1-20170523)
Executing interface update_available for owncloud
No interface defined
LDAP-Verbindung wurde verweigert. Das kann an einem Problem mit dem Zertifikat des LDAP-Servers liegen. Bitte prüfen Sie auch die Proxy- und Firewall-Einstellungen, sofern vorhanden. (No further details)

So just an error message instead of the traceback
Comment 21 Arvid Requate univentionstaff 2017-10-25 14:49:30 CEST
<http://errata.software-univention.de/ucs/4.2/204.html>