OEL9 cannot register minion

mmol123 commented 8 months ago

Problem description

I have a problem with registration OEL9.3 minions...in /var/log/rhn/rhn_web_ui.log I get:

[salt-event-thread-8] WARN com.suse.manager.reactor.messaging.RegisterMinionEventMessageAction - Multiple release packages are installed on minion: test-oel9.local 2024-01-15 13:45:02,149 [salt-event-thread-8] ERROR com.suse.manager.reactor.messaging.RegisterMinionEventMessageAction - Error registering minion id: test-oel9.local java.lang.ArrayIndexOutOfBoundsException: Index 1 out of bounds for length 1 at com.suse.manager.reactor.messaging.RegisterMinionEventMessageAction.lambda$parseRHELReleseQuery$44(RegisterMinionEventMessageAction.java:930) ~[rhn.jar:?] at java.util.stream.Collectors.lambda$uniqKeysMapAccumulator$1(Collectors.java:178) ~[?:?] at java.util.stream.ReduceOps$3ReducingSink.accept(ReduceOps.java:169) ~[?:?] at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195) ~[?:?] at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655) ~[?:?] at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?] at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?] at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913) ~[?:?] at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?] at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578) ~[?:?] at com.suse.manager.reactor.messaging.RegisterMinionEventMessageAction.lambda$parseRHELReleseQuery$45(RegisterMinionEventMessageAction.java:929) ~[rhn.jar:?] at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195) ~[?:?] at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655) ~[?:?] at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?] at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?] at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913) ~[?:?] at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?] at java.util.stream.ReferencePipeline.reduce(ReferencePipeline.java:558) ~[?:?] at java.util.stream.ReferencePipeline.max(ReferencePipeline.java:594) ~[?:?] at com.suse.manager.reactor.messaging.RegisterMinionEventMessageAction.parseRHELReleseQuery(RegisterMinionEventMessageAction.java:933) ~[rhn.jar:?] at com.suse.manager.reactor.messaging.RegisterMinionEventMessageAction.lambda$getOsRelease$65(RegisterMinionEventMessageAction.java:1011) ~[rhn.jar:?] at java.util.Optional.map(Optional.java:265) ~[?:?] at com.suse.manager.reactor.messaging.RegisterMinionEventMessageAction.lambda$getOsRelease$68(RegisterMinionEventMessageAction.java:1004) ~[rhn.jar:?] at java.util.Optional.flatMap(Optional.java:294) ~[?:?] at com.suse.manager.reactor.messaging.RegisterMinionEventMessageAction.getOsRelease(RegisterMinionEventMessageAction.java:988) ~[rhn.jar:?] at com.suse.manager.reactor.messaging.RegisterMinionEventMessageAction.finalizeMinionRegistration(RegisterMinionEventMessageAction.java:505) ~[rhn.jar:?] at com.suse.manager.reactor.messaging.RegisterMinionEventMessageAction.lambda$registerMinion$7(RegisterMinionEventMessageAction.java:245) ~[rhn.jar:?] at com.suse.utils.Opt.consume(Opt.java:89) ~[rhn.jar:?] at com.suse.manager.reactor.messaging.RegisterMinionEventMessageAction.lambda$registerMinion$9(RegisterMinionEventMessageAction.java:242) ~[rhn.jar:?] at com.suse.utils.Opt.consume(Opt.java:89) ~[rhn.jar:?] at com.suse.manager.reactor.messaging.RegisterMinionEventMessageAction.lambda$registerMinion$18(RegisterMinionEventMessageAction.java:241) ~[rhn.jar:?] at com.suse.utils.Opt.consume(Opt.java:89) ~[rhn.jar:?] at com.suse.manager.reactor.messaging.RegisterMinionEventMessageAction.registerMinion(RegisterMinionEventMessageAction.java:239) ~[rhn.jar:?] at com.suse.manager.reactor.messaging.RegisterMinionEventMessageAction.lambda$registerMinion$5(RegisterMinionEventMessageAction.java:201) ~[rhn.jar:?] at com.suse.utils.Opt.consume(Opt.java:92) ~[rhn.jar:?] at com.suse.manager.reactor.messaging.RegisterMinionEventMessageAction.lambda$registerMinion$6(RegisterMinionEventMessageAction.java:199) ~[rhn.jar:?] at com.suse.utils.Opt.consume(Opt.java:92) ~[rhn.jar:?] at com.suse.manager.reactor.messaging.RegisterMinionEventMessageAction.registerMinion(RegisterMinionEventMessageAction.java:186) ~[rhn.jar:?] at com.suse.manager.reactor.messaging.RegisterMinionEventMessageAction.execute(RegisterMinionEventMessageAction.java:155) ~[rhn.jar:?] at com.suse.manager.reactor.PGEventListener.lambda$notify$1(PGEventListener.java:76) ~[rhn.jar:?] at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655) ~[?:?] at java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:658) ~[?:?] at com.suse.manager.reactor.PGEventListener.lambda$notify$2(PGEventListener.java:74) ~[rhn.jar:?] at java.util.stream.Streams$StreamBuilderImpl.forEachRemaining(Streams.java:411) ~[?:?] at java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:658) ~[?:?] at com.suse.manager.reactor.PGEventListener.notify(PGEventListener.java:71) ~[rhn.jar:?] at com.suse.salt.netapi.event.AbstractEventStream.notifyListeners(AbstractEventStream.java:64) ~[salt-netapi-clientsalt-netapi-client.jar:?] at com.suse.manager.reactor.PGEventStream.lambda$processEvents$6(PGEventStream.java:214) ~[rhn.jar:?] at java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183) ~[?:?] at java.util.stream.SortedOps$SizedRefSortingSink.end(SortedOps.java:357) ~[?:?] at java.util.stream.Sink$ChainedReference.end(Sink.java:258) ~[?:?] at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:485) ~[?:?] at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?] at java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150) ~[?:?] at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173) ~[?:?] at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?] at java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:497) ~[?:?] at com.suse.manager.reactor.PGEventStream.processEvents(PGEventStream.java:208) ~[rhn.jar:?] at com.suse.manager.reactor.PGEventStream.lambda$notification$1(PGEventStream.java:192) ~[rhn.jar:?] at com.redhat.rhn.frontend.events.TransactionHelper.run(TransactionHelper.java:63) ~[rhn.jar:?] at com.redhat.rhn.frontend.events.TransactionHelper.handlingTransaction(TransactionHelper.java:48) ~[rhn.jar:?] at com.suse.manager.reactor.PGEventStream.lambda$notification$3(PGEventStream.java:191) ~[rhn.jar:?] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?] at java.lang.Thread.run(Thread.java:829) ~[?:?]

Salt registered key properly.

I think, the problem is when are used repos using sha1....then dnf generate warning Signature not supported. Hash algorithm SHA1 not available and uyuni cannot handle it ...When we set update-crypto-policies --set LEGACY and reboot the server everything works ok....but this is not accepted solution by secure team.....

Steps to reproduce

Add repo using SHA1
execute bootstrap script
minion dont work - salt add key but uyuni cannot reginster minion
change crypto-policy
reboot
minion works fine ...

Uyuni version

Information for package Uyuni-Server-release:
---------------------------------------------
Repository     : Uyuni Server Stable
Name           : Uyuni-Server-release
Version        : 2023.12-230900.210.2.uyuni3
Arch           : x86_64
Vendor         : obs://build.opensuse.org/systemsmanagement:Uyuni
Support Level  : Level 3
Installed Size : 1.4 KiB
Installed      : Yes
Status         : out-of-date (version 2023.03-220400.199.1.uyuni2 installed)
Source package : Uyuni-Server-release-2023.12-230900.210.2.uyuni3.src
Summary        : Uyuni Server

Uyuni proxy version (if used)

No response

Useful logs

No response

Additional information

No response

avshiliaev commented 8 months ago

Hey @mmol123 thanks for the report. Could you run the following command on the minion and see what is the output?

rpm -q --whatprovides --queryformat "%{NAME}\n" redhat-release

mmol123 commented 8 months ago

Hey @mmol123 thanks for the report. Could you run the following command on the minion and see what is the output?

rpm -q --whatprovides --queryformat "%{NAME}\n" redhat-release

warning: Signature not supported. Hash algorithm SHA1 not available. warning: Signature not supported. Hash algorithm SHA1 not available. redhat-release redhat-release

when I delete some gpg key from rpm and this warning disappear minion register well...

rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'

warning: Signature not supported. Hash algorithm SHA1 not available. gpg-pubkey-2f86d6a1-5cf7cefb gpg(Fedora EPEL (8) epel@fedoraproject.org) gpg-pubkey-ad986da3-5cabf60d gpg(Oracle OSS group (Open Source Software group) build@oss.oracle.com) gpg-pubkey-8d8b756f-629e59ec Oracle Linux (release key 1) secalert_us@oracle.com public key gpg-pubkey-8b4efbe6-629ec292 Oracle Linux (backup key 1) secalert_us@oracle.com public key gpg-pubkey-3228467c-613798eb Fedora (epel9) epel@fedoraproject.org public key

rpm -e gpg-pubkey-xxx

I must add, that this machnie was upgradet from OEL8 using leapp.....on clean OEL9 installation this problem does not occur.

avshiliaev commented 6 months ago

I think this is exactly the problem, since the SHA-1 is deprecated starting from RHEL9.

However, I think we should better handle such a case, when the following command gives us an unexpected result

rpm -q --queryformat "VERSION=%{VERSION}\nPROVIDENAME=[%{PROVIDENAME},]\nPROVIDEVERSION=[%{PROVIDEVERSION},]\n" redhat-release-server

uyuni-project / uyuni