Bug 1313208

Summary: rh_subscription has no concept of custom CA certificates
Product: Red Hat Enterprise Linux 7 Reporter: Marcel Wysocki <mwysocki>
Component: cloud-initAssignee: Lars Kellogg-Stedman <lars>
Status: CLOSED CURRENTRELEASE QA Contact: Zhitao Lin <zlin>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.4CC: huzhao, linl, mmagr, rmccabe, shaferc1, zlin
Target Milestone: rcKeywords: Triaged
Target Release: 7.3   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: cloud-init-0.7.9-1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-12-19 01:57:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Marcel Wysocki 2016-03-01 08:16:52 UTC 
Description of problem:
rh_subscription runs before bootcmd, where I install the CA cert.
Ideally the module itself should have a way to install custom satellite certs

[   18.108960] cloud-init[808]: 2016-03-01 03:03:18,678 - cc_rh_subscription.py[WARNING]: Registration failed due to: Error: CA certificate for subscription service has not been installed.
[   18.109436] cloud-init[808]: 2016-03-01 03:03:18,678 - cc_rh_subscription.py[WARNING]: Registration failed or did not run completely
[   18.109741] cloud-init[808]: 2016-03-01 03:03:18,678 - cc_rh_subscription.py[WARNING]: rh_subscription plugin did not complete successfully
[   18.339075] cloud-init[808]: Retrieving http://satsatsat.sat.sat/pub/katello-ca-consumer-latest.noarch.rpm
[   18.340928] cloud-init[808]: Preparing...                          ########################################
[   18.342057] cloud-init[808]: Updating / installing...
[   18.342714] cloud-init[808]: katello-ca-consumer-satsatsat.########################################

Version-Release number of selected component (if applicable):
0.7.6
Comment 2 Lars Kellogg-Stedman 2017-01-16 18:36:52 UTC 
In the forthcoming 0.7.9 cloud-init package (which should be dropping Real Soon Now), the rh_subscription plugin now runs as part of cloud_config_modules, which comes after both bootcmd and write-files.  This should permit installation of custom certificates.
Comment 3 Zhitao Lin 2019-12-18 08:14:51 UTC 
In cloud-init 18.5 and RHEL 7.7.2019090316, the issue is gone. So move the status to VERIFIED.

Below is detailed test info.

Test steps:
1. Create a VM on Azure and deploy cloud-init as the provisioning agent
2. Make sure it is unregistered.
3. configure the cloud-init configure file in /etc/cloud/cloud.cfg.d/*.cfg (Mine is rh_subscription.cfg)
4. Delete cloud-init's semaphore files in /var/lib/cloud/instance/sem
5. restart VM and it should be registered.
Comment 4 Huijuan Zhao 2019-12-19 01:57:21 UTC 
CLOSE this bug since the build(cloud-init 18.5 and RHEL 7.7) already released.
Comment 5 Corey Shafer 2020-07-02 12:28:47 UTC 
I am having this issue using Satellite 6.7 and a CentOS 7.8 image being deployed with a cloud-init userdata template.  Should I make another bug request?