Bug 1092754

Summary: install-num-migrate-to-rhsm fails to choose appropriate product cert from subscription-manager-migration-data-2.0
Product: Red Hat Enterprise Linux 5 Reporter: John Sefler <jsefler>
Component: subscription-managerAssignee: Bryan Kearney <bkearney>
Status: CLOSED ERRATA QA Contact: John Sefler <jsefler>
Severity: high Docs Contact:
Priority: unspecified    
Version: 5.11CC: awood, bhamrick, bkearney, xdmoon
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Deprecated Functionality
Doc Text:
Deprecated functionality should describe removed or no longer supported features. As a result of this bug, the decision was made to remove the install-num-migrate-to-rhsm tool. This was a tool was used to check the installation number for a system and install the required product certificates. This is used for migrating an offline system to Customer Portal Subscription Management. Due to low usage and incompatibilities with new subscription-manager-migration-data packages, the decsion was made to remove this tool entirely. The needful should be done to mention it in the Release Notes / and remove it from the User Guides.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2014-09-16 00:22:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1039651    

Description John Sefler 2014-04-29 22:12:01 UTC 
Description of problem:
The install-num-migrate-to-rhsm tool (which is only applicable on RHEL5) fails to choose the appropriate product cert from subscription-manager-migration-data-2.0.  The reason is because subscription-manager-migration-data-2.0 is a collection of product certs from multiple releases of RHEL both past and present which is different than the logic that was used to assemble subscription-manager-migration-data-1.0.  The install-num-migrate-to-rhsm tool appears to randomly choose the first possible product cert and installs it regardless if the product certs applies to RHEL5 or RHEL6 or matches the redhat-release.


Version-Release number of selected component (if applicable):
[root@jsefler-5 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 5.11 Beta (Tikanga)
[root@jsefler-5 ~]# rpm -q python-rhsm subscription-manager-migration subscription-manager-migration-data
python-rhsm-1.11.3-2.git.0.5968608.el5
subscription-manager-migration-1.11.3-1.git.12.94c021f.el5
subscription-manager-migration-data-2.0.7-1.git.0.4fc617f.el5


How reproducible:


Steps to Reproduce:

[root@jsefler-5 ~]# install-num-migrate-to-rhsm --dryrun --instnumber=000000890017fc00
Installing /usr/share/rhsm/product/RHEL-5/Server-Server-x86_64-06e8bd9df3f0-69.pem to /etc/pki/product/69.pem

[root@jsefler-5 ~]# rct cat-cert /usr/share/rhsm/product/RHEL-5/Server-Server-x86_64-06e8bd9df3f0-69.pem | grep Tags: -B5
Product:
	ID: 69
	Name: Red Hat Enterprise Linux Server
	Version: 6.5
	Arch: x86_64
	Tags: rhel-6,rhel-6-server

BANG! Installing a RHEL6.5 product cert onto a RHEL5.11 Server is a bad choice!  Because the tags are wrong, an entitlement from a RHEL subscription repo will grant this system access to the wrong content sets.




Additional info:
[root@jsefler-5 ~]# python /usr/lib/python2.4/site-packages/instnum.py 000000890017fc00 | egrep "^{.*}$"
{'Virt': 'VT', 'Base': 'Server'}

[root@jsefler-5 ~]# ls -C1 /usr/share/rhsm/product/RHEL-5/ | egrep "^Server-(Server|VT)-x86_64-.*-69.pem"
Server-Server-x86_64-00109b956e23-69.pem
Server-Server-x86_64-06e8bd9df3f0-69.pem
Server-Server-x86_64-23d36f276d57-69.pem
Server-Server-x86_64-323beb20e916-69.pem
Server-Server-x86_64-a515006cc2b2-69.pem
Server-Server-x86_64-e774841f1bf0-69.pem
Server-Server-x86_64-f2915f6444f4-69.pem

^^ These are all of the potential product certs to be installed given installation number 000000890017fc00.  Realizing that only one 69.pem product cert can be installed, let's take a closer look at the candidates....

[root@jsefler-5 RHEL-5]# cd /usr/share/rhsm/product/RHEL-5/; for f in $(ls -C1 /usr/share/rhsm/product/RHEL-5/ | egrep "^Server-(Server|VT)-x86_64-.*-69.pem"); do echo $f; rct cat-cert $f | grep Tags -B2; done;
Server-Server-x86_64-00109b956e23-69.pem
	Version: 5.10 Beta
	Arch: x86_64
	Tags: rhel-5,rhel-5-server
Server-Server-x86_64-06e8bd9df3f0-69.pem
	Version: 6.5
	Arch: x86_64
	Tags: rhel-6,rhel-6-server
Server-Server-x86_64-23d36f276d57-69.pem
	Version: 6.3
	Arch: x86_64
	Tags: rhel-6,rhel-6-server
Server-Server-x86_64-323beb20e916-69.pem
	Version: 6.4 Beta
	Arch: x86_64
	Tags: rhel-6,rhel-6-server
Server-Server-x86_64-a515006cc2b2-69.pem
	Version: 5.8
	Arch: x86_64
	Tags: rhel-5,rhel-5-server
Server-Server-x86_64-e774841f1bf0-69.pem
	Version: 6.5 Beta
	Arch: x86_64
	Tags: rhel-6,rhel-6-server
Server-Server-x86_64-f2915f6444f4-69.pem
	Version: 7.0
	Arch: x86_64
	Tags: rhel-7,rhel-7-server


Among these candidates, Server-Server-x86_64-00109b956e23-69.pem is the best choice because...
1. It has a rhel-5 product tag
2. Its version, 5.10 Beta, is the newest. Note: a 5.11 product cert matching the redhat-release would be best, but is blocked by bug 1080072
Comment 1 RHEL Program Management 2014-04-29 22:18:28 UTC 
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.
Comment 5 Carter Kozak 2014-05-27 19:53:07 UTC 
Removed the tool from rhel5.11
Comment 6 Carter Kozak 2014-05-27 19:53:30 UTC 
commit 2bc51dd501b5d63cd04933462bda88e03eb78572
Author: ckozak <ckozak>
Date:   Thu May 22 16:01:37 2014 -0400

    1092754: 1094879: Remove install-num-migrate-to-rhsm tool
    
    Remove 'install-num*' special case in make stylish
    Update README.Fedora to remove ref to
    install-num-migrate-to-rhsm.
Comment 8 John Sefler 2014-05-30 21:03:59 UTC 
As discussed above, a decision was made to remove install-num-migrate-to-rhsm from the subscription-manager package due to low usage rather than make it compatible with the format of the new subscription-manager-migration-data-2.0 package.

Verifying Version...
[root@jsefler-5 ~]# rpm -q subscription-manager
subscription-manager-1.11.3-5.el5
[root@jsefler-5 ~]# rpm -ql subscription-manager | grep install-num-migrate-to-rhsm
[root@jsefler-5 ~]# man install-num-migrate-to-rhsm
No manual entry for install-num-migrate-to-rhsm
[root@jsefler-5 ~]# install-num-migrate-to-rhsm
-bash: install-num-migrate-to-rhsm: command not found
[root@jsefler-5 ~]# 

As demonstrated, the install-num-migrate-to-rhsm has been removed.

Moving to VERIFIED
Comment 11 errata-xmlrpc 2014-09-16 00:22:48 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1225.html