7018748: Command “zypper ref” returns an HTTP 400 error in SUSE Manager 3.0 client.

This document (7018748) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Manager 3

SUSE Manager 3 Proxy

Situation

Any “zypper” command in a client connected to SUSE Manager or SUSE Manager Proxy is throwing the following error:

# zypper ref

Refreshing service 'spacewalk'.Download (curl) error for 'https://xxxx.domain.company.net/XMLRPC/GET-REQ/reponame_xxxx/repodata/repomd.xml?head_requests=no':Error code: HTTP response: 400Error message: The requested URL returned error: 400Abort, retry, ignore? [a/r/i/? shows all options] (a):

In the rhn logs, the following can be seen :

2017/03/23 13:44:32 +02:00 3969 10.10.191.160: xmlrpc/registration.register_osad2017/03/23 13:44:32 +02:00 3970 10.10.191.160: xmlrpc/registration.register_osad_jid2017/03/23 13:45:17 +02:00 4705 10.10.191.90: xmlrpc/registration.welcome_message('lang: None',)2017/03/23 13:45:17 +02:00 4706 10.10.191.90: xmlrpc/registration.register_osad2017/03/23 13:45:17 +02:00 4706 10.10.191.90: rhnServer/server_certificate.valid('Server id ID-1000010060 not found in database',)

Resolution

For existing clients connected already.
The process involves 4 stages :
1. Downgrade Apache2 on your SUMA server
In case there is a SUSE Manager Proxy, the same command will need to be run on it, to avoid the same error happening with the clients behind the SUSE Manager Proxy.
You It is possible to verify the previous versions of apache2 using the command “zypper search -s apache2”
Please run the following command for SLES12SP1:
zypper in –oldpackage apache2-2.4.16-12.1 apache2-prefork-2.4.16-12.1 apache2-utils-2.4.16-12.1
For SLES12SP2:
zypper in –oldpackage apache2-2.4.23-16.3 apache2-prefork-2.4.23-16.3 apache2-utils-2.4.23-16.3
2. Download the patches on the SUMA server which contains the fix for all the clients.
mgr-sync refresh –refresh-channels
3. Distribute the patches to the client.
On the clients that are connected, run
zypper up zypper
It is also possible to use the WebUI to install the patch using SSM on all clients.

For details see the documentation here :

4. Patch Apache2 on the SUMA server which was downgraded earlier on step 1.
zypper up apache2 apache2-prefork apache2-utils

Cause

Apache2 received a security update which resulted in stricter header checking.

Unfortunately the headers sent from the zypp-plugin are now considered bad requests, so clients no longer can communicate with the server, resulting in the error (error 400).

Status

Reported to Engineering

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

Leave a Reply