Bug 1119651

Summary: Can not register RHEL5.11-20140625.0 against SAM-1.4.1-RHEL-6-20140714.1
Product: [Retired] Subscription Asset Manager Reporter: qianzhan
Component: candlepinAssignee: Katello Bug Bin <katello-bugs>
Status: CLOSED WORKSFORME QA Contact: SAM QE List <sam-qe-list>
Severity: high Docs Contact:
Priority: urgent    
Version: 1.4CC: dgoodwin, liliu, qianzhan, shihliu
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-07-16 09:03:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description qianzhan 2014-07-15 08:39:06 UTC 
Description of problem:
Can not register RHEL5.11-20140625.0 against SAM-1.4.1-RHEL-6-20140714.1

Version-Release number of selected component (if applicable):
SAM components:
candlepin-0.9.6.4-1.el6sam.noarch
candlepin-scl-1-5.el6_4.noarch
candlepin-scl-quartz-2.1.5-5.el6_4.noarch
candlepin-scl-rhino-1.7R3-1.el6_4.noarch
candlepin-scl-runtime-1-5.el6_4.noarch
candlepin-selinux-0.9.6.4-1.el6sam.noarch
candlepin-tomcat6-0.9.6.4-1.el6sam.noarch
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-certs-tools-1.4.2-2.el6sat.noarch
katello-cli-1.4.3.1-1.el6sam.noarch
katello-cli-common-1.4.3.1-1.el6sam.noarch
katello-common-1.4.3.26-1.el6sam_splice.noarch
katello-configure-1.4.5-1.el6sam.noarch
katello-glue-candlepin-1.4.3.26-1.el6sam_splice.noarch
katello-glue-elasticsearch-1.4.3.26-1.el6sam_splice.noarch
katello-headpin-1.4.3.26-1.el6sam_splice.noarch
katello-headpin-all-1.4.3.26-1.el6sam_splice.noarch
katello-selinux-1.4.4-2.el6sat.noarch
ruby193-rubygem-katello-redhat-access-engine-0.0.1-1.el6sam.noarch
thumbslug-0.0.40-1.el6sam.noarch
thumbslug-selinux-0.0.40-1.el6sam.noarch

RHEL5.11-20140625.0 components:
subscription-manager: 1.11.3-6.el5
python-rhsm: 1.11.3-3.el5

How reproducible:
always

Steps to Reproduce:
1. Server side:
(1) Install SAM-1.4.1-RHEL-6-20140714.1 build on RHEL6.5GA:
[root@dhcp-128-29 ~]# yum install -y katello-headpin-all
Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
This system is receiving updates from Red Hat Subscription Management.
rhel-6-server-rpms                                                                                                                                                                          | 3.7 kB     00:00     
rhel-ha-for-rhel-6-server-rpms                                                                                                                                                              | 3.7 kB     00:00     
rhel-lb-for-rhel-6-server-rpms                                                                                                                                                              | 3.7 kB     00:00     
rhel-rs-for-rhel-6-server-rpms                                                                                                                                                              | 3.7 kB     00:00     
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package katello-headpin-all.noarch 0:1.4.3.26-1.el6sam_splice will be installed
--> Processing Dependency: katello-headpin for package: katello-headpin-all-1.4.3.26-1.el6sam_splice.noarch
--> Processing Dependency: katello-configure for package: katello-headpin-all-1.4.3.26-1.el6sam_splice.noarch
--> Processing Dependency: katello-cli for package: katello-headpin-all-1.4.3.26-1.el6sam_splice.noarch




...


  tomcat6-jsp-2.1-api.noarch 0:6.0.24-72.el6_5                              tomcat6-lib.noarch 0:6.0.24-72.el6_5                          tomcat6-servlet-2.5-api.noarch 0:6.0.24-72.el6_5                         
  wsdl4j.noarch 0:1.5.2-7.8.el6                                             xerces-j2.x86_64 0:2.7.1-12.6.el6_0                           xml-commons-apis.x86_64 0:1.3.04-3.6.el6                                 
  xml-commons-resolver.x86_64 0:1.1-4.18.el6                               

Dependency Updated:
  audit.x86_64 0:2.2-4.el6_5                     audit-libs.x86_64 0:2.2-4.el6_5                     httpd.x86_64 0:2.2.15-30.el6_5                     httpd-tools.x86_64 0:2.2.15-30.el6_5                    

Complete!

(2) Configuration of SAM:

[root@dhcp-128-29 ~]# katello-configure --deployment=sam --user-pass=admin
Starting Katello configuration
The top-level log file is [/var/log/katello/katello-configure-20140715-235206/main.log]
Katello configuration: |==========================================================================================================================================================================================|


(3) Import newest manifest into SAM:

[root@dhcp-128-29 ~]# headpin -u admin -p admin provider import_manifest --org=ACME_Corporation --name='Red Hat' --file=manifest_20140715.zip 
Provider [ Red Hat ] manifest import complete

2. Client side:
(1) Install RHEL6.5GA/RHEL5.11-20140625.0 as clients.
(2) Prepare to register to SAM:

[root@dhcp-15-55 ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1		localhost.localdomain localhost
::1		localhost6.localdomain6 localhost6
10.66.129.28 samserv.redhat.com
[root@dhcp-15-55 ~]# rpm -ivh http://10.66.129.28/pub/candlepin-cert-consumer-samserv.redhat.com-1.0-1.noarch.rpm
Retrieving http://10.66.129.28/pub/candlepin-cert-consumer-samserv.redhat.com-1.0-1.noarch.rpm
Preparing...                ########################################### [100%]
   1:candlepin-cert-consumer########################################### [100%]

(3) Register client to SAM:

[root@dhcp-15-55 ~]# subscription-manager register
Username: admin
Password: 
Unable to verify server's identity: certificate verify failed


Actual results:
As step2-(3), failed to register rhel5.11-20140625.0 to SAM-1.4.1-RHEL-6-20140714.1

Expected results:
The registration is successful.

Additional info:
1. I can register a rhel6.5GA to SAM-1.4.1-RHEL-6-20140714.1 successfully:

[root@dhcp-128-29 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.66.129.28 samserv.redhat.com
[root@dhcp-128-29 ~]# rpm -ivh http://10.66.129.28/pub/candlepin-cert-consumer-samserv.redhat.com-1.0-1.noarch.rpm
Retrieving http://10.66.129.28/pub/candlepin-cert-consumer-samserv.redhat.com-1.0-1.noarch.rpm
Preparing...                ########################################### [100%]
   1:candlepin-cert-consumer########################################### [100%]
[root@dhcp-128-29 ~]# subscription-manager register
Username: admin
Password: 
The system has been registered with ID: 6d19477d-dd57-4600-94fd-6e746ea3e793 


2. reproduce environment:
(1)IP of SAM-1.4.1-RHEL-6-20140714.1 server: 10.66.129.28
(2)IP of RHEL5.11-20140625.0 client: 10.66.15.55
(3)IP of RHEL6.5GA client: 10.66.128.31
Comment 1 Li Bin Liu 2014-07-15 10:35:27 UTC 
I have also tried to do registration with my RHEL6.5GA client(10.66.128.9, root/redhat), however, it always failed to register to the new sam 1.4.1 server(10.66.129.28) with the error "certificate verify failed", but it can register to the sam 1.4.0 server(10.66.128.24).
Comment 2 Devan Goodwin 2014-07-15 11:18:19 UTC 
Can you confirm that (a) the clocks are in sync, and (b) if you remove completely all candlepin-cert-consumer rpms, then re-install one for the server you intend to register to. I have a suspicion that installing a second one with the previous still installed is not taking effect.
Comment 3 Li Bin Liu 2014-07-15 12:31:32 UTC 
Hi Devan,

Thanks for your information! I checked the time of the sam server(10.66.129.28), it's really not correct, I then updated it to correct time, and removed the candlepin-cer-consumer again and re-install it, however, my client(10.66.128.9) still failed to register to the sam server.
Comment 4 Devan Goodwin 2014-07-15 21:48:28 UTC 
I'm not sure what's going on here, I started logging into systems to try to reproduce, but everything seems fine.

In original bug the 5.11 client is 10.66.15.55, on that system I was able to register fine without any changes:

[root@dhcp-15-55 ca]# subscription-manager identity
system identity: e9f11ac7-5fc7-4199-87dd-3c694c668979
name: dhcp-15-55.nay.redhat.com
org name: ACME_Corporation
org ID: ACME_Corporation


In comment #3 I see another 5.11 client referenced so I tried there too:

[root@dhcp-128-9 ca]# subscription-manager register --username=admin --password=admin                                              
The system has been registered with ID: 527e0700-9c80-4ea0-8299-122fccac407d 


So in original bug report, I am quite certain it was caused by clock skew, I can see warnings in rhsm.log on both systems. 

I can't say why it didn't immediately start working in comment #3 but it's gone now, we have two 5.11 clients talking to SAM 1.4.1, I believe clock skew was to blame here.
Comment 5 qianzhan 2014-07-16 09:03:30 UTC 
This bug does not exist in SAM-1.4.1-RHEL-6-20140714.1 server, so close it.