Bug 1425722

Summary: rhsmcertd update is not automatically regenerating consumer cert
Product: Red Hat Enterprise Linux 6 Reporter: qianzhan
Component: subscription-managerAssignee: candlepin-bugs
Status: CLOSED WORKSFORME QA Contact: John Sefler <jsefler>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.9CC: bcourt, candlepin-bugs, dgoodwin, fsharath, jmolet, jsefler, qianzhan, redakkan, skallesh, spandey
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 923159 Environment:
Last Closed: 2017-02-27 08:43:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 923159    
Bug Blocks: 863175, 1231074    
Attachments:
Description Flags
rhsm.log
none
rhsmcertd.log none

Comment 2 qianzhan 2017-02-22 08:42:03 UTC 
The attachments are 'rhsm.log' and 'rhsmcertd.log'.
Comment 3 qianzhan 2017-02-22 08:42:31 UTC 
Created attachment 1256376 [details]
rhsm.log
Comment 4 qianzhan 2017-02-22 08:42:56 UTC 
Created attachment 1256378 [details]
rhsmcertd.log
Comment 5 Barnaby Court 2017-02-23 14:46:52 UTC 
The certificate expiration is checked server side. If you update the time on the Satellite Server and the client and then restart the satellite server do you still see the reported bug?
Comment 6 qianzhan 2017-02-24 06:35:40 UTC 
1. I tried to restart satellite and then check the client after 2 mins, but the bug still exists:

[root@ibm-x3650-03 ~]# katello-service restart
Redirecting to /bin/systemctl stop  foreman-tasks.service

Redirecting to /bin/systemctl stop  httpd.service

Redirecting to /bin/systemctl stop  pulp_workers.service

Redirecting to /bin/systemctl stop  foreman-proxy.service

Redirecting to /bin/systemctl stop  pulp_streamer.service

Redirecting to /bin/systemctl stop  pulp_resource_manager.service

Redirecting to /bin/systemctl stop  pulp_celerybeat.service

Redirecting to /bin/systemctl stop  smart_proxy_dynflow_core.service

Redirecting to /bin/systemctl stop  tomcat.service

Redirecting to /bin/systemctl stop  squid.service

Redirecting to /bin/systemctl stop  qdrouterd.service

Redirecting to /bin/systemctl stop  qpidd.service

Redirecting to /bin/systemctl stop  postgresql.service

Redirecting to /bin/systemctl stop  mongod.service

Success!
Redirecting to /bin/systemctl start  mongod.service

Redirecting to /bin/systemctl start  postgresql.service

Redirecting to /bin/systemctl start  qpidd.service

Redirecting to /bin/systemctl start  qdrouterd.service

Redirecting to /bin/systemctl start  squid.service

Redirecting to /bin/systemctl start  tomcat.service

Redirecting to /bin/systemctl start  smart_proxy_dynflow_core.service

Redirecting to /bin/systemctl start  pulp_celerybeat.service

Redirecting to /bin/systemctl start  pulp_resource_manager.service

Redirecting to /bin/systemctl start  pulp_streamer.service

Redirecting to /bin/systemctl start  foreman-proxy.service

Redirecting to /bin/systemctl start  pulp_workers.service

Redirecting to /bin/systemctl start  httpd.service

Redirecting to /bin/systemctl start  foreman-tasks.service

Success!
[root@ibm-x3650-03 ~]# sleep 120

[root@dhcp-128-57 ~]# rct cat-cert /etc/pki/consumer/cert.pem | grep Date
	Start Date: 2017-02-24 06:19:25+00:00
	End Date: 2033-02-24 06:19:25+00:00


2. After step 1, I restart rhsmcertd on client, and tried again, still failed to see the cert regeneration:
[root@dhcp-128-57 ~]# service rhsmcertd restart
Stopping rhsmcertd...                                      [  OK  ]
Starting rhsmcertd...                                      [  OK  ]
[root@dhcp-128-57 ~]# sleep 120
[root@dhcp-128-57 ~]# rct cat-cert /etc/pki/consumer/cert.pem | grep Date
	Start Date: 2017-02-24 06:19:25+00:00
	End Date: 2033-02-24 06:19:25+00:00
[root@dhcp-128-57 ~]#
Comment 7 qianzhan 2017-02-27 06:58:55 UTC 
Can not reproduced this bug on RHEL-6.9-20170226.0 against SAM

1. 
[root@hp-dl2x170g6-02 ~]# subscription-manager version
server type: Red Hat Subscription Management
subscription management server: 1.4.3.28-1.el6sam_splice-Headpin
subscription management rules: Unknown
subscription-manager: 1.18.10-1.el6
python-rhsm: 1.18.6-1.el6

2.

[root@hp-dl2x170g6-02 ~]# date -s '+15 year +9 month +2 day'
Mon Nov 29 06:42:08 EST 2032
[root@hp-dl2x170g6-02 ~]# service rhsmcertd restart
Stopping rhsmcertd...                                      [  OK  ]
Starting rhsmcertd...                                      [  OK  ]
[root@hp-dl2x170g6-02 ~]# sleep 120
[root@hp-dl2x170g6-02 ~]# rct cat-cert /etc/pki/consumer/cert.pem | grep Date
	Start Date: 2032-11-29 11:45:15+00:00
	End Date: 2048-11-29 11:45:15+00:00
[root@hp-dl2x170g6-02 ~]#
Comment 8 qianzhan 2017-02-27 08:43:03 UTC 
This bug can not be reproduced on RHEL-6.9-20170226.0 against Satellite6.2.7:

[root@hp-dl2x170g6-02 ~]# date -s '+15 year +9 month +2 day'
Mon Nov 29 03:38:13 EST 2032
[root@hp-dl2x170g6-02 ~]# service rhsmcertd restart
Stopping rhsmcertd...                                      [  OK  ]
Starting rhsmcertd...                                      [  OK  ]
[root@hp-dl2x170g6-02 ~]# sleep 120
[root@hp-dl2x170g6-02 ~]# rct cat-cert /etc/pki/consumer/cert.pem | grep Date
	Start Date: 2032-11-29 08:40:14+00:00
	End Date: 2048-11-29 08:40:14+00:00

Close this bug as WORKSFORME.