Bug 1028074
Summary: | deleting consumer will move splice identity cert | ||
---|---|---|---|
Product: | [Retired] Subscription Asset Manager | Reporter: | Chris Duryee <cduryee> |
Component: | Splice | Assignee: | Splice Developers <splice-devel> |
Status: | CLOSED WONTFIX | QA Contact: | Og Maciel <omaciel> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | Nightly | CC: | bkearney, dgoodwin, jesusr, jgalipea, omaciel, vkuznets, xdmoon |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | 1026501 | Environment: | |
Last Closed: | 2017-06-26 20:37:38 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1026501 | ||
Bug Blocks: | 971511, 1014343 |
Comment 1
Carter Kozak
2014-08-13 18:26:42 UTC
Following steps illustratd in https://bugzilla.redhat.com/show_bug.cgi?id=1026501#c10 Version: # subscription-manager version server type: This system is currently not registered. subscription management server: 0.9.23-1 subscription management rules: 5.11 subscription-manager: 1.12.12-1.el6 python-rhsm: 1.12.5-1.el6 # rpm -q subscription-manager-migration-data subscription-manager-migration-data-2.0.11-1.el6.noarch Verification: 1) Consumer deleted at Server # subscription-manager register --serverurl=f20-candlepin.usersys.redhat.com:8443/candlepin Username: testuser1 Password: Organization: admin The system has been registered with ID: ed19664c-b57d-4f4b-b75b-4056de3b3923 # ls -l /etc/pki total 40 drwxr-xr-x. 6 root root 4096 Jun 19 19:09 CA drwxr-xr-x. 4 root root 4096 Jun 19 19:08 ca-trust drwxr-xr-x. 2 root root 4096 Aug 15 14:15 consumer drwxr-xr-x. 2 root root 4096 Aug 14 19:33 entitlement drwxr-xr-x. 2 root root 4096 Jun 19 19:08 java drwxr-xr-x. 2 root root 4096 Jul 24 23:20 nssdb drwxr-xr-x. 2 root root 4096 Jun 19 19:49 product drwxr-xr-x. 2 root root 4096 Jun 19 19:24 rpm-gpg drwx------. 2 root root 4096 Aug 15 2013 rsyslog drwxr-xr-x. 5 root root 4096 Jun 19 19:09 tls # ls -l /etc/pki/consumer/ total 8 -rw-r-----. 1 root root 1245 Aug 15 14:15 cert.pem -rw-r-----. 1 root root 1675 Aug 15 14:15 key.pem Faking the existence of a valid splice cert/key pair.. # cp /etc/pki/consumer/cert.pem /etc/pki/consumer/Splice_identity.cert # cp /etc/pki/consumer/key.pem /etc/pki/consumer/Splice_identity.key # ls -l /etc/pki/consumer/ total 16 -rw-r-----. 1 root root 1245 Aug 15 14:15 cert.pem -rw-r-----. 1 root root 1675 Aug 15 14:15 key.pem -rw-r-----. 1 root root 1245 Aug 15 14:17 Splice_identity.cert -rw-r-----. 1 root root 1675 Aug 15 14:18 Splice_identity.key Now let's delete the consumer at the server... # curl -k -u admin:admin --request DELETE https://f20-candlepin.usersys.redhat.com:8443/candlepin/consumers/ed19664c-b57d-4f4b-b75b-4056de3b3923 # service rhsmcertd restart Stopping rhsmcertd... [FAILED] Starting rhsmcertd... [ OK ] # sleep 120 # ls -l /etc/pki total 44 drwxr-xr-x. 6 root root 4096 Jun 19 19:09 CA drwxr-xr-x. 4 root root 4096 Jun 19 19:08 ca-trust drwxr-xr-x. 2 root root 4096 Aug 15 14:22 consumer drwxr-xr-x. 2 root root 4096 Aug 15 14:18 consumer.old drwxr-xr-x. 2 root root 4096 Aug 14 19:33 entitlement drwxr-xr-x. 2 root root 4096 Jun 19 19:08 java drwxr-xr-x. 2 root root 4096 Aug 15 14:20 nssdb drwxr-xr-x. 2 root root 4096 Jun 19 19:49 product drwxr-xr-x. 2 root root 4096 Jun 19 19:24 rpm-gpg drwx------. 2 root root 4096 Aug 15 2013 rsyslog drwxr-xr-x. 5 root root 4096 Jun 19 19:09 tls # ls -l /etc/pki/consumer.old/ total 16 -rw-r-----. 1 root root 1245 Aug 15 14:15 cert.pem -rw-r-----. 1 root root 1675 Aug 15 14:15 key.pem -rw-r-----. 1 root root 1245 Aug 15 14:17 Splice_identity.cert -rw-r-----. 1 root root 1675 Aug 15 14:18 Splice_identity.key # ls -l /etc/pki/consumer total 8 -rw-r-----. 1 root root 1245 Aug 15 14:17 Splice_identity.cert -rw-r-----. 1 root root 1675 Aug 15 14:18 Splice_identity.key VERIFED: When consumer is deleted at server, rhsmcertd creats a backup directory for consumer with its old contents and retains only the Splice key and cert. 2) Verifying clean # subscription-manager register --serverurl=f20-candlepin.usersys.redhat.com:8443/candlepin Username: testuser1 Password: Organization: admin The system has been registered with ID: 51a9737e-8c67-46f9-ad00-ff32dff09ecb # ls -l /etc/pki/consumer total 16 -rw-r-----. 1 root root 1245 Aug 15 14:28 cert.pem -rw-r-----. 1 root root 1675 Aug 15 14:28 key.pem -rw-r-----. 1 root root 1245 Aug 15 14:17 Splice_identity.cert -rw-r-----. 1 root root 1675 Aug 15 14:18 Splice_identity.key # subscription-manager clean All local data removed # ls -l /etc/pki/consumer total 8 -rw-r-----. 1 root root 1245 Aug 15 14:17 Splice_identity.cert -rw-r-----. 1 root root 1675 Aug 15 14:18 Splice_identity.key VERIFIED : clean removes eveything but Splice cert and key 3) Verifying unregister # subscription-manager register --serverurl=f20-candlepin.usersys.redhat.com:8443/candlepin Username: testuser1 Password: Organization: admin The system has been registered with ID: 5c7efd80-fe63-48dd-b166-28c77d69222a # ls -l /etc/pki/consumer total 16 -rw-r-----. 1 root root 1245 Aug 15 14:43 cert.pem -rw-r-----. 1 root root 1679 Aug 15 14:43 key.pem -rw-r-----. 1 root root 1245 Aug 15 14:17 Splice_identity.cert -rw-r-----. 1 root root 1675 Aug 15 14:18 Splice_identity.key # subscription-manager unregister System has been unregistered. # ls -l /etc/pki/consumer total 8 -rw-r-----. 1 root root 1245 Aug 15 14:17 Splice_identity.cert -rw-r-----. 1 root root 1675 Aug 15 14:18 Splice_identity.key Verified: After unregister Splice key and cert remain. Moving to VERIFIED The release of Satellite 5.8 we are deprecating the support of Subscription Asset Manager. The release notes for 5.8 can be found at https://access.redhat.com/documentation/en-us/red_hat_satellite/5.8/pdf/release_notes/Red_Hat_Satellite-5.8-Release_Notes-en-US.pdf. I am therefore closing out this bug as WONTFIX. If you believe this to be an error, please feel free tor each out to either Rich Jerrido or Bryan Kearney. Thank you! |