Bug 1246976

Summary: "RestlibException: Access denied" when configure virt-who with "rhsm_username and rhsm_password"
Product: Red Hat Satellite Reporter: Liushihui <shihliu>
Component: RegistrationAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED DUPLICATE QA Contact: Katello QA List <katello-qa-list>
Severity: high Docs Contact:
Priority: unspecified    
Version: UnspecifiedCC: bbuckingham, bcourt, bkearney, csnyder, gxing, hsun, rbalakri, rnovacek, sgao, shihliu
Target Milestone: Unspecified   
Target Release: Unused   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1229235 Environment:
Last Closed: 2016-05-26 15:00:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1229235    
Bug Blocks:    

Comment 1 Radek Novacek 2015-07-28 10:49:29 UTC 
Moving to candlepin. Any ideas what could be the problem here? Registration with given credentials works but hypervisors_update calls fails.
Comment 2 Liushihui 2015-08-14 03:27:43 UTC 
It still exist on Satellite-6.1.0-RHEL-7-20150812.0.

Version-Release number of selected component (if applicable):
katello-2.2.0.14-1.el7sat.noarch
foreman-1.7.2.33-1.el7sat.noarch
candlepin-0.9.49.3-1.el7.noarch
Comment 3 Bryan Kearney 2015-10-27 18:14:16 UTC 
I am going to guess that the user just upgraded to Satellite 6.1, Is that correct? If so can you confirm if the prefix setting in /etc/rhsm/rhsm.conf is set to "/rhsm". If not, please change this and re-try. Please also double check that the rhsm_prefix is not overriding this in the /etc/virt-who.d configuration.

-- bk
Comment 4 Liushihui 2015-10-28 03:19:07 UTC 
Yes, system registered to Satellite-6.1.0-RHEL-7-20150828.0,. the prefix=/rhsm in /etc/rhsm/rhsm.conf. the rhsm_profix is not overriding this in the /etc/virt-who/XXX
[root@hp-z220-10 ~]# cat /etc/rhsm/rhsm.conf  | grep -v ^# | grep -v ^$
[server]
hostname = intel-waimeabay-hedt-01.ml3.eng.bos.redhat.com
prefix = /rhsm
port = 443
insecure = 0
ssl_verify_depth = 3
proxy_hostname =
proxy_port =
proxy_user =
proxy_password =
[rhsm]
baseurl= https://intel-waimeabay-hedt-01.ml3.eng.bos.redhat.com/pulp/repos
ca_cert_dir = /etc/rhsm/ca/
repo_ca_cert = %(ca_cert_dir)skatello-server-ca.pem
productCertDir = /etc/pki/product
entitlementCertDir = /etc/pki/entitlement
consumerCertDir = /etc/pki/consumer
manage_repos = 1
full_refresh_on_yum = 1
report_package_profile = 1
pluginDir = /usr/share/rhsm-plugins
pluginConfDir = /etc/rhsm/pluginconf.d
[rhsmcertd]
certCheckInterval = 240
autoAttachInterval = 1440

[root@hp-z220-10 ~]# cat /etc/virt-who.d/virtwho
[test-hyperv1]
type=hyperv
server=http://10.66.128.9
username=Administrator
encrypted_password=7430ce339e913ecfb2663d33d74b4bfa
owner=ACME_Corporation
env=Library 
rhsm_username=admin
rhsm_password=admin
Comment 6 Chris Snyder 2016-03-23 17:30:19 UTC 
I can successfully duplicate this issue using the latest virt-who (upstream master) or virt-who-0.16-7.el6 only when communicating with Candlepin through Satellite. When I attempt to recreate the issue against candlepin directly, I cannot.

As such I am moving the issue to the Registration component.
Comment 7 Eko 2016-04-01 02:49:34 UTC 
can duplicate this issue for SAM-1.4
[virtwho.main ERROR] MainProcess(8052):MainThread @virtwho.py:send:203 - Unable to send data: Communication with subscription manager failed with code 403: User admin is not allowed to access api/v1/systems/hypervisors_update
Comment 8 Barnaby Court 2016-04-06 13:53:45 UTC 
As per comment 6 this is an issue in the proxy layer sitting in front of Candlepin.
Comment 9 Bryan Kearney 2016-05-26 15:00:32 UTC 
This is a server side issue as tracked in https://bugzilla.redhat.com/show_bug.cgi?id=1229235

*** This bug has been marked as a duplicate of bug 1229235 ***