Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1354633 - Error downloading debug certificate
Summary: Error downloading debug certificate
Alias: None
Product: Candlepin
Classification: Community
Component: candlepin
Version: 0.9.54
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 0.9.54
Assignee: Michael Stead
QA Contact: Katello QA List
Depends On:
Blocks: 1354623 1354638 1370206 1405518
TreeView+ depends on / blocked
Reported: 2016-07-11 19:30 UTC by Michael Stead
Modified: 2016-12-16 16:06 UTC (History)
4 users (show)

Fixed In Version: candlepin-
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1354638 (view as bug list)
Last Closed: 2016-08-22 18:25:07 UTC

Attachments (Terms of Use)
Stack trace showing the candlepin error (deleted)
2016-07-11 19:30 UTC, Michael Stead
no flags Details

System ID Priority Status Summary Last Updated
Github candlepin candlepin pull 1303 None None None 2016-07-25 18:56:03 UTC

Description Michael Stead 2016-07-11 19:30:56 UTC
Created attachment 1178522 [details]
Stack trace showing the candlepin error

A katello user reported that they were unable to download the debug certificate from the UI. The attached stack trace shows that candlepin thrown an IndexOutOfBounds exception when fetching the certificate.

A very similar issue was addressed with this BZ #1259248 but it appears that the fix has not completely addressed the issue.

It appears that candlepin is still deleting the debug certificate. More investigation is needed to determine the cause.

The version of candlepin running at the time of the exception was candlepin-

There were no steps to reproduce provided, but the error was triggered by clicking the 'Generate and Download' button.

The workaround included in 1259248 can be used to get around the issue, but DB access is required.

Comment 1 Michael Stead 2016-07-11 20:19:30 UTC
BZ #1259248 was caused when a manifest refresh deleted the debug entitlement and then an attempt was made to download it. This issue appears to be caused by the same process, but I was unable to reproduce it with the latest version of does contain the fix for BZ #1259248 and I could find no other way for the debug cert to be deleted. 

After some investigation, I believe that the user's candlepin instance had been bitten by BZ #1259248 before the user updated the candlepin version that contained the fix, leaving the owner (org) data in a bad state.

The bug fix for 1259248 does prevent the issue from happening, but it does not fix the issue once it has happened. This can be addressed.

Comment 2 Michael Stead 2016-08-02 13:58:50 UTC
The fix for BZ #1259248 prevents this BZ from re-occurring, but systems already affected by the bug will require some data cleanup in order to put the system back in the correct state.

The following patch will clean up the bad data via a liquibase changeset and will allow certs to be generated again. The fix will be applied once candlepin's DB upgrade script is run.


If upgrading candlepin is not an option, this patch can be applied manually by running the following DB queries against the candlepin database.


delete from cp_consumer where id IN (select from cp_consumer c left outer join cp_entitlement e on e.consumer_id = where = ueber_cert_consumer' and is null);

delete from cp_subscription where id in (select from cp_subscription s inner join cp_product p on s.product_id = left outer join cp_pool pool on pool.productid = where LIKE '%_ueber_product' and is null);

delete from cp_content where id in (select from cp_content c inner join cp_product_content pc on inner join cp_product p on left outer join cp_pool pool on pool.productid = where LIKE '%_ueber_product' and is null);

delete from cp_product where id in (select from cp_product p left outer join cp_pool pool on pool.productid = where LIKE '%ueber%' and is null);

Note You need to log in before you can comment on or make changes to this bug.