search

uyuni-project / uyuni

Source code for Uyuni
https://www.uyuni-project.org/
GNU General Public License v2.0
433 stars 181 forks source link

mgr_ca_cert error with publishing RHN-ORG-TRUSTED-SSL-CERT #8338

Closed DENISKI closed 8 months ago

DENISKI commented 8 months ago

Problem description

After upgrade to Uyuni 2024.01 from 2023.09 we have an issue applying salt state: ID: mgr_ca_cert Function: file.managed Name: /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT Result: False Comment: Source file salt://certs/RHN-ORG-TRUSTED-SSL-CERT not found in saltenv 'base' Started: 22:33:06.931928 Duration: 11.035 ms Changes: All dependent jobs are also failed. Certificate is in place: ls -la /usr/share/susemanager/salt/certs/RHN-ORG-TRUSTED-SSL-CERT lrwxrwxrwx 1 root root 44 Feb 16 17:59 /usr/share/susemanager/salt/certs/RHN-ORG-TRUSTED-SSL-CERT -> /srv/www/htdocs/pub/RHN-ORG-TRUSTED-SSL-CERT Log from salt master: 2024-02-19 22:25:51,728 [salt.utils.event :32 ][TRACE ][9843] get_event() received = {'data': {'cmd': '_return', 'id': 'puppet-dev1-unp1.c.orocloud-management-dev.internal', 'success': False, 'return': {'saltutil_|-sync_states_|-sync_states_|-sync_states': {'name': 'sync_states', 'changes': {}, 'result': True, 'comment': 'No updates to sync', '__sls__': 'util.syncstates', '__run_num__': 0, 'start_time': '22:25:42.748218', 'duration': 123.255, '__id__': 'sync_states'}, 'pkg_|-mgr_absent_ca_package_|-rhn-org-trusted-ssl-cert_|-removed': {'name': 'rhn-org-trusted-ssl-cert', 'changes': {}, 'result': True, 'comment': 'All specified packages are already absent', '__sls__': 'certs', '__run_num__': 1, 'start_time': '22:25:43.821926', 'duration': 7.574, '__id__': 'mgr_absent_ca_package'}, 'file_|-mgr_ca_cert_|-/etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT_|-managed': {'changes': {}, 'comment': "Source file salt://certs/RHN-ORG-TRUSTED-SSL-CERT not found in saltenv 'base'", 'name': '/etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT', 'result': False, '__sls__': 'certs', '__run_num__': 2, 'start_time': '22:25:43.831533', 'duration': 12.755, '__id__': 'mgr_ca_cert'}, 'cmd_|-update-ca-certificates_|-/usr/sbin/update-ca-certificates_|-run': {'changes': {}, 'result': False, 'duration': 0.008, 'start_time': '22:25:43.845836', 'comment': 'One or more requisite failed: certs.mgr_ca_cert', '__run_num__': 3, '__sls__': 'certs', '__id__': 'update-ca-certificates', 'name': '/usr/sbin/update-ca-certificates'}, 'file_|-mgr_proxy_ca_cert_symlink_|-/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT_|-symlink': {'result': True, 'name': '/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT', 'changes': {}, 'comment': 'onlyif condition is false', '__sls__': 'certs', '__id__': 'mgr_proxy_ca_cert_symlink', 'skip_watch': True, '__run_num__': 4, 'start_time': '22:25:43.845935', 'duration': 316.253}, 'file_|-mgr_deploy_tools_uyuni_key_|-/etc/pki/rpm-gpg/uyuni-tools-gpg-pubkey-0d20833e.key_|-managed': {'changes': {}, 'comment': 'File /etc/pki/rpm-gpg/uyuni-tools-gpg-pubkey-0d20833e.key is in the correct state', 'name': '/etc/pki/rpm-gpg/uyuni-tools-gpg-pubkey-0d20833e.key', 'result': True, '__sls__': 'channels.gpg-keys', '__run_num__': 5, 'start_time': '22:25:44.162330', 'duration': 24.701, '__id__': 'mgr_deploy_tools_uyuni_key'}, 'file_|-mgr_deploy_suse_addon_key_|-/etc/pki/rpm-gpg/suse-addon-97a636db0bad8ecc.key_|-managed': {'changes': {}, 'comment': 'File /etc/pki/rpm-gpg/suse-addon-97a636db0bad8ecc.key is in the correct state', 'name': '/etc/pki/rpm-gpg/suse-addon-97a636db0bad8ecc.key', 'result': True, '__sls__': 'channels.gpg-keys', '__run_num__': 6, 'start_time': '22:25:44.187172', 'duration': 23.734, '__id__': 'mgr_deploy_suse_addon_key'}, 'mgrcompat_|-https_//download.opensuse.org/distribution/leap/15.5/repo/oss/repodata/repomd.xml.key_|-pkg.add_repo_key_|-module_run': {'name': 'pkg.add_repo_key', 'changes': {'ret': True}, 'comment': 'Module function pkg.add_repo_key executed', 'result': True, '__sls__': 'channels.gpg-keys', '__run_num__': 7, 'start_time': '22:25:44.211074', 'duration': 82.782, '__id__': 'https_//download.opensuse.org/distribution/leap/15.5/repo/oss/repodata/repomd.xml.key'}, 'mgrcompat_|-file_///etc/pki/rpm-gpg/uyuni-tools-gpg-pubkey-0d20833e.key_|-pkg.add_repo_key_|-module_run': {'name': 'pkg.add_repo_key', 'changes': {'ret': True}, 'comment': 'Module function pkg.add_repo_key executed', 'result': True, '__sls__': 'channels.gpg-keys', '__run_num__': 8, 'start_time': '22:25:44.294007', 'duration': 14.41, '__id__': 'file_///etc/pki/rpm-gpg/uyuni-tools-gpg-pubkey-0d20833e.key'}, 'mgrcompat_|-https_//download.opensuse.org/repositories/Cloud_/Tools/15.5/repodata/repomd.xml.key_|-pkg.add_repo_key_|-module_run': {'name': 'pkg.add_repo_key', 'changes': {'ret': True}, 'comment': 'Module function pkg.add_repo_key executed', 'result': True, '__sls__': 'channels.gpg-keys', '__run_num__': 9, 'start_time': '22:25:44.308563', 'duration': 56.01, '__id__': 'https_//download.opensuse.org/repositories/Cloud_/Tools/15.5/repodata/repomd.xml.key'}, 'mgrcompat_|-https_//download.opensuse.org/repositories/devel_/languages_/ruby/15.5/repodata/repomd.xml.key_|-pkg.add_repo_key_|-module_run': {'name': 'pkg.add_repo_key', 'changes': {'ret': True}, 'comment': 'Module function pkg.add_repo_key executed', 'result': True, '__sls__': 'channels.gpg-keys', '__run_num__': 10, 'start_time': '22:25:44.364721', 'duration': 59.729, '__id__': 'https_//download.opensuse.org/repositories/devel_/languages_/ruby/15.5/repodata/repomd.xml.key'}, 'mgrcompat_|-https_//download.opensuse.org/repositories/devel_/languages_/python/15.5/repodata/repomd.xml.key_|-pkg.add_repo_key_|-module_run': {'name': 'pkg.add_repo_key', 'changes': {}, 'comment': 'Module function pkg.add_repo_key threw an exception. Exception: Error: HTTP 404: Not Found reading /repositories/devel:/languages:/python/15.5/repodata/repomd.xml.key', 'result': False, '__sls__': 'channels.gpg-keys', '__run_num__': 11, 'start_time': '22:25:44.424596', 'duration': 45.395, '__id__': 'https_//download.opensuse.org/repositories/devel_/languages_/python/15.5/repodata/repomd.xml.key'}, 'file_|-mgrchannels_repo_|-/etc/zypp/repos.d/susemanager:channels.repo_|-managed': {'changes': {}, 'result': False, 'duration': 0.003, 'start_time': '22:25:44.470343', 'comment': 'One or more requisite failed: certs.mgr_ca_cert', '__run_num__': 12, '__sls__': 'channels', '__id__': 'mgrchannels_repo', 'name': '/etc/zypp/repos.d/susemanager:channels.repo'}, 'pkg_|-pkg_installed_|-pkg_installed_|-installed': {'changes': {}, 'result': False, 'duration': 0.004, 'start_time': '22:25:44.470835', 'comment': 'One or more requisite failed: channels.mgrchannels_repo', '__run_num__': 13, '__sls__': 'packages.packages_fb5b644c2637dba0e9c2d7ece99725cd', '__id__': 'pkg_installed', 'name': 'pkg_installed'}, 'pkg_|-pkg_removed_|-pkg_removed_|-removed': {'changes': {}, 'result': False, 'duration': 0.003, 'start_time': '22:25:44.470995', 'comment': 'One or more requisite failed: channels.mgrchannels_repo', '__run_num__': 14, '__sls__': 'packages.packages_fb5b644c2637dba0e9c2d7ece99725cd', '__id__': 'pkg_removed', 'name': 'pkg_removed'}, 'pkg_|-pkg_latest_|-pkg_latest_|-latest': {'changes': {}, 'result': False, 'duration': 0.001, 'start_time': '22:25:44.471106', 'comment': 'One or more requisite failed: channels.mgrchannels_repo', '__run_num__': 15, '__sls__': 'packages.packages_fb5b644c2637dba0e9c2d7ece99725cd', '__id__': 'pkg_latest', 'name': 'pkg_latest'}, 'product_|-mgr_install_products_|-mgr_install_products_|-all_installed': {'changes': {}, 'result': False, 'duration': 0.002, 'start_time': '22:25:44.471428', 'comment': 'One or more requisite failed: channels.mgrchannels_repo', '__run_num__': 16, '__sls__': 'packages', '__id__': 'mgr_install_products', 'name': 'mgr_install_products'}, 'service_|-disable_spacewalksd_|-rhnsd_|-dead': {'name': 'rhnsd', 'changes': {}, 'result': True, 'comment': 'The named service rhnsd is not available', '__sls__': 'services.salt-minion', '__run_num__': 17, 'start_time': '22:25:44.471472', 'duration': 9.979, '__id__': 'disable_spacewalksd'}, 'service_|-disable_spacewalk-update-status_|-spacewalk-update-status_|-dead': {'name': 'spacewalk-update-status', 'changes': {}, 'result': True, 'comment': 'The named service spacewalk-update-status is not available', '__sls__': 'services.salt-minion', '__run_num__': 18, 'start_time': '22:25:44.481598', 'duration': 6.844, '__id__': 'disable_spacewalk-update-status'}, 'service_|-disable_osad_|-osad_|-dead': {'name': 'osad', 'changes': {}, 'result': True, 'comment': 'The named service osad is not available', '__sls__': 'services.salt-minion', '__run_num__': 19, 'start_time': '22:25:44.488583', 'duration': 6.513, '__id__': 'disable_osad'}, 'pkg_|-remove_traditional_stack_all_|-remove_traditional_stack_all_|-removed': {'name': 'remove_traditional_stack_all', 'changes': {}, 'result': True, 'comment': 'All specified packages are already absent', '__sls__': 'services.salt-minion', '__run_num__': 20, 'start_time': '22:25:44.495236', 'duration': 7.671, '__id__': 'remove_traditional_stack_all'}, 'pkg_|-remove_traditional_stack_|-remove_traditional_stack_|-removed': {'result': True, 'name': 'remove_traditional_stack', 'changes': {}, 'comment': 'unless condition is true', '__sls__': 'services.salt-minion', '__id__': 'remove_traditional_stack', 'skip_watch': True, '__run_num__': 21, 'start_time': '22:25:44.503095', 'duration': 13.876}, 'file_|-/etc/sysconfig/rhn/systemid_|-/etc/sysconfig/rhn/systemid_|-managed': {'changes': {}, 'comment': 'File /etc/sysconfig/rhn/systemid exists with proper permissions. No changes made.', 'name': '/etc/sysconfig/rhn/systemid', 'result': True, '__sls__': 'services.salt-minion', '__run_num__': 22, 'start_time': '22:25:44.517122', 'duration': 1.027, '__id__': '/etc/sysconfig/rhn/systemid'}, 'pkg_|-mgr_salt_minion_inst_|-venv-salt-minion_|-installed': {'name': 'venv-salt-minion', 'changes': {}, 'result': True, 'comment': 'All specified packages are already installed', '__sls__': 'services.salt-minion', '__run_num__': 23, 'start_time': '22:25:44.518540', 'duration': 7127.915, '__id__': 'mgr_salt_minion_inst'}, 'file_|-/etc/venv-salt-minion/minion.d/susemanager.conf_|-/etc/venv-salt-minion/minion.d/susemanager.conf_|-managed': {'changes': {}, 'comment': 'File /etc/venv-salt-minion/minion.d/susemanager.conf is in the correct state', 'name': '/etc/venv-salt-minion/minion.d/susemanager.conf', 'result': True, '__sls__': 'services.salt-minion', '__run_num__': 24, 'start_time': '22:25:51.646648', 'duration': 56.237, '__id__': '/etc/venv-salt-minion/minion.d/susemanager.conf'}, 'service_|-mgr_salt_minion_run_|-venv-salt-minion_|-running': {'name': 'venv-salt-minion', 'changes': {}, 'result': True, 'comment': 'The service venv-salt-minion is already running', '__sls__': 'services.salt-minion', '__run_num__': 25, 'start_time': '22:25:51.703045', 'duration': 15.8, '__id__': 'mgr_salt_minion_run'}}, 'retcode': 2, 'jid': '20240219222540704286', 'fun': 'state.apply', 'fun_args': [], 'out': 'highstate', '_stamp': '2024-02-19T22:25:51.726898'}, 'tag': 'salt/job/20240219222540704286/ret/puppet-dev1-unp1.c.orocloud-management-dev.internal'} Log from salt client: 2024-02-19 22:33:06,942 [salt.state :327 ][ERROR ][5786] Source file salt://certs/RHN-ORG-TRUSTED-SSL-CERT not found in saltenv 'base'

Steps to reproduce

  1. Upgrade from 2023.09 to 2024.01
  2. Try to run salt -E 'some-host-pattern.*' state.apply

Uyuni version

2024.01

Uyuni proxy version (if used)

2024.01

Useful logs

No response

Additional information

No response

mcalmer commented 8 months ago

You updated salt-master. It contains a security fix which forbid using symlinks pointing outside of the salt filesystem. We released yesterday 2024.02 to fix this problem. Please upgrade. This should fix the issue

DENISKI commented 8 months ago

It works as expected in 2024.02. Thanks.