Bug 1308349

Summary: Entitlement certificate creation fails with "/etc/pki/rhui/certs/entitlement-ca.srl : No such file"
Product: Red Hat Update Infrastructure for Cloud Providers Reporter: Karan Rai <krai>
Component: Tools Assignee: Patrick Creech <pcreech>
Status: CLOSED ERRATA QA Contact: Irina Gulina <igulina>
Severity: low Docs Contact:
Priority: unspecified    
Version: 3.0.0 CC: igulina, pcreech
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-03-01 22:11:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1358564, 1364024    
Bug Blocks: 1224956, 1349361    
Attachments:
Description Flags
screenshot of entitlement and custom rpm creation none

Description Karan Rai 2016-02-14 14:37:51 UTC
Description of problem:
After a fresh RHUI 3 installation when trying to create an entitlement certificate for the client rpm, it fails because there is no /etc/pki/rhui/certs/entitlement-ca.srl.

Ideally it should be created automatically.

Version-Release number of selected component (if applicable):
rh-rhui-tools-pre.3.0.16-1.el7ui.noarch

How reproducible:
Every time

Steps to Reproduce:
1. After a fresh install of RHUI3 search for entitlement-ca.srl file under /etc/pki/rhui/certs directory

2. Try to create an entitlement certificate via rhui-manager.

3. It fails with error -
Error creating entitlement certificate, check the log file for more information


Actual results:
Error in /root/.rhui/rhui.log -
=========
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/rhui/tools/pulp_api.py", line 155, in repo
    importer_response = self.repo_importer_api.importers(id)
  File "/usr/lib/python2.7/site-packages/pulp/bindings/repository.py", line 201, in importers
    return self.server.GET(path)
  File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 91, in GET
    return self._request('GET', path, queries)
  File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 147, in _request
    response_code, response_body = self.server_wrapper.request(method, url, body)
  File "/usr/lib/python2.7/site-packages/pulp/bindings/server.py", line 333, in request
    response = connection.getresponse()
  File "/usr/lib64/python2.7/httplib.py", line 1051, in getresponse
    response.begin()
  File "/usr/lib64/python2.7/httplib.py", line 415, in begin
    version, status, reason = self._read_status()
  File "/usr/lib64/python2.7/httplib.py", line 371, in _read_status
    line = self.fp.readline(_MAXLINE + 1)
  File "/usr/lib64/python2.7/socket.py", line 476, in readline
    data = self._sock.recv(self._rbufsize)
  File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 228, in read
    return self._read_bio(size)
  File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 213, in _read_bio
    return m2.ssl_read(self.ssl, size, self._timeout)
KeyboardInterrupt
2016-02-14 09:25:42,887 - Private key creation output
2016-02-14 09:25:42,888 - Exit Code: 0
2016-02-14 09:25:42,889 - 
2016-02-14 09:25:42,889 - writing RSA key

2016-02-14 09:25:42,894 - Command [openssl x509 -req -days 365 -in /root/client/rhuiclient.csr -CA /etc/pki/rhui/certs/entitlement-ca.crt -CAkey /etc/pki/rhui/private/entitlement-ca.key -CAserial /etc/pki/rhui/certs/entitlement-ca.srl -out /root/client/rhuiclient.crt -extfile /root/client/rhuiclient-extensions.txt -extensions rhui]
2016-02-14 09:25:42,936 - Certificate creation output
2016-02-14 09:25:42,937 - 
2016-02-14 09:25:42,937 - Signature ok
subject=/CN=Red Hat Update Infrastructure
Getting CA Private Key
/etc/pki/rhui/certs/entitlement-ca.srl: No such file or directory
140658459240352:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/pki/rhui/certs/entitlement-ca.srl','r')
140658459240352:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
===========


Expected results:
1. Entitlement certificate created at /root/client/rhuiclient.crt
OR
2. File /etc/pki/rhui/certs/entitlement-ca.srl should be created automatically.

Additional info:

Workaround -
create the file manually -
# echo 01 > /etc/pki/rhui/certs/entitlement-ca.srl
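
The failure and the workaround above, reproduced against a throwaway CA in a temporary directory (an added example, not part of the original report or of rhui-tools; the subjects, file names and the helpers `make_fixture`, `sign_csr`, `ensure_serial`, `cert_serial` and `demo` are constructed for illustration). `ensure_serial` seeds the serial file only when it is missing, because overwriting an existing one would make the CA reissue serial numbers it has already used.

```bash
#!/usr/bin/env bash
# Constructed scratch CA; nothing here touches /etc/pki/rhui.

# Create a throwaway CA and a client CSR in directory $1.
make_fixture() {
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Scratch Entitlement CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=scratch-client" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
}

# Sign like the logged command: -CAserial is given, -CAcreateserial is not,
# so openssl must be able to read the serial file.
sign_csr() {
    local d=$1
    openssl x509 -req -days 365 -in "$d/client.csr" \
        -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAserial "$d/ca.srl" \
        -out "$d/client.crt" 2>"$d/sign.err"
}

# Seed the serial file only if it is missing or empty; never reset a counter.
ensure_serial() {
    [ -s "$1" ] || echo 01 > "$1"
}

# Print the serial number of the certificate in $1.
cert_serial() {
    openssl x509 -noout -serial -in "$1" | cut -d= -f2
}

demo() {
    local d
    d=$(mktemp -d) || return 1
    make_fixture "$d" || return 1
    if sign_csr "$d"; then
        echo "unexpected: signed without a serial file"; return 1
    fi
    echo "no ca.srl: signing failed"
    ensure_serial "$d/ca.srl"
    sign_csr "$d" || return 1
    echo "ca.srl seeded: issued serial $(cert_serial "$d/client.crt")," \
         "ca.srl now holds $(cat "$d/ca.srl")"
    rm -rf "$d"
}

demo
```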

Comment 4 Irina Gulina 2016-07-14 14:04:13 UTC
Reproduced on RHUI-3.0-RHEL-6-20160712.n.1-RHUI-x86_64-dvd1.iso. When fixing it, please also mind point #2: 

#1 If there are no repos, 'create an entitlement certificate' reports so. And it's expected: 

rhui (client) => e

There are no respository associated to RHUI, please add a Red Hat repo or create a custom repo in the manage repository subsection.

#2 If there is a protected custom repo, but no RH repos,  'create an entitlement certificate' doesn't create the cert, and says to create a custom repo, however there is one:

rhui (repo) => l

Custom Repositories
  repo_protected

rhui (client) => e

There are no respository associated to RHUI, please add a Red Hat repo or create a custom repo in the manage repository subsection.


#3 When there are RH repo and custom protected repo: 

rhui (repo) => l

Custom Repositories
  repo_protected

Red Hat Repositories
  Red Hat Update Infrastructure 2.0 (RPMs) (6Server-i386)
  Red Hat Update Infrastructure 2.0 (RPMs) (6Server-x86_64)

rhui (client) => e

Select one or more repositories to include in the entitlement certificate:

  Custom Repositories

  Red Hat Repositories
    -  1 : Red Hat Update Infrastructure 2.0 (RPMs)

Enter value (1-1) to toggle selection, 'c' to confirm selections, or '?' for more commands: 1

Select one or more repositories to include in the entitlement certificate:

  Custom Repositories

  Red Hat Repositories
    x  1 : Red Hat Update Infrastructure 2.0 (RPMs)

Enter value (1-1) to toggle selection, 'c' to confirm selections, or '?' for more commands: c


Name of the certificate. This will be used as the name of the certificate file
(name.crt) and its associated private key (name.key). Choose something that will
help identify the products contained with it:
irina_ec    

Local directory in which to save the generated certificate [current directory]:
/tmp

Number of days the certificate should be valid [365]:


Repositories to be included in the entitlement certificate:

  Red Hat Repositories
    Red Hat Update Infrastructure 2.0 (RPMs)

Proceed? (y/n) y

..............+++
.+++
Error creating entitlement certificate, check the log file for more information

>> less /root/.rhui/rhui.log

2016-07-14 09:52:54,946 - Certificate creation output
2016-07-14 09:52:54,946 - 
2016-07-14 09:52:54,946 - Signature ok
subject=/CN=Red Hat Update Infrastructure
Getting CA Private Key
/etc/pki/rhui/certs/entitlement-ca.srl: No such file or directory
139942278465440:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/pki/rhui/certs/entitlement-ca.srl','r')
139942278465440:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:

Comment 5 Irina Gulina 2016-07-21 01:23:21 UTC
BZ is still there. See https://bugzilla.redhat.com/show_bug.cgi?id=1349361#c3

Comment 8 Irina Gulina 2016-08-29 12:51:28 UTC
Failed QE on both RHEL6 and RHEL7 ISOs 20160823. See attachment, notes in red and green.

Comment 9 Irina Gulina 2016-08-29 12:52:34 UTC
Created attachment 1195376 [details]
screenshot of entitlement and custom rpm creation

Comment 10 Irina Gulina 2016-08-29 12:54:25 UTC
Depends On: 1364024 was added because I can't check whether the created entitlement and custom rpm work as expected.

Comment 11 Irina Gulina 2016-09-22 14:54:15 UTC
-= Client Entitlement Management =-

   e   generate an entitlement certificate
   c   create a client configuration RPM from an entitlement certificate

                                                   Connected: rhua.example.com
------------------------------------------------------------------------------
rhui (client) => e

Select one or more repositories to include in the entitlement certificate:

  Custom Repositories
    -  1 : protected_repo1
             protected_repo1


  Red Hat Repositories
    -  2 : Red Hat Update Infrastructure 2.0 (RPMs)
    -  3 : Red Hat Update Infrastructure 2.0 (SRPMS)

Enter value (1-3) to toggle selection, 'c' to confirm selections, or '?' for more commands: 1-3

Select one or more repositories to include in the entitlement certificate:

  Custom Repositories
    x  1 : protected_repo1
             protected_repo1


  Red Hat Repositories
    x  2 : Red Hat Update Infrastructure 2.0 (RPMs)
    x  3 : Red Hat Update Infrastructure 2.0 (SRPMS)

Enter value (1-3) to toggle selection, 'c' to confirm selections, or '?' for more commands: c


Name of the certificate. This will be used as the name of the certificate file
(name.crt) and its associated private key (name.key). Choose something that will
help identify the products contained with it:
my-cert

Local directory in which to save the generated certificate [current directory]:
/tmp

Number of days the certificate should be valid [365]:


Repositories to be included in the entitlement certificate:

  Custom Entitlements
    protected_repo1

  Red Hat Repositories
    Red Hat Update Infrastructure 2.0 (RPMs)
    Red Hat Update Infrastructure 2.0 (SRPMS)

Proceed? (y/n) y

.+++
.........................................................................+++
Entitlement certificate created at /tmp/my-cert.crt

------------------------------------------------------------------------------
rhui (client) => e

Select one or more repositories to include in the entitlement certificate:

  Custom Repositories
    -  1 : protected_repo1
             protected_repo1


  Red Hat Repositories
    -  2 : Red Hat Update Infrastructure 2.0 (RPMs)
    -  3 : Red Hat Update Infrastructure 2.0 (SRPMS)

Enter value (1-3) to toggle selection, 'c' to confirm selections, or '?' for more commands: b



------------------------------------------------------------------------------
rhui (client) => c

Full path to local directory in which the client configuration files generated by this tool
should be stored (if this directory does not exist, it will be created):
/tmp

Name of the RPM:
my-rpm

Version of the configuration RPM [2.0]:


Full path to the entitlement certificate authorizing the client to access
specific channels:
/tmp/my-cert.crt

Full path to the private key for the above entitlement certificate:
/tmp/my-cert.key

Port to serve Docker content on (default 5000):


Select any unprotected repositories to be included in the client configuration:
  -  1 : unprotected_repo1
Enter value (1-1) to toggle selection, 'c' to confirm selections, or '?' for more commands: 1

Select any unprotected repositories to be included in the client configuration:
  x  1 : unprotected_repo1
Enter value (1-1) to toggle selection, 'c' to confirm selections, or '?' for more commands: c


Successfully created client configuration RPM.
RPMs can be found at /tmp

Comment 12 errata-xmlrpc 2017-03-01 22:11:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:0367