Bug 1620136

Summary: [RHEL76] product-id plugin provided by dnf-plugin-subscription-manager fails to remove product certificate
Product: Red Hat Enterprise Linux 7 Reporter: Jiri Hnidek <jhnidek>
Component: subscription-managerAssignee: Jiri Hnidek <jhnidek>
Status: CLOSED ERRATA QA Contact: Red Hat subscription-manager QE Team <rhsm-qe>
Severity: high Docs Contact:
Priority: high    
Version: 7.6CC: csnyder, jsefler, khowell, lmiksik, salmy
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-08-06 16:50:12 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 8 John Sefler 2019-05-02 20:32:55 UTC 
Verifying Version...  RHEL7.7 compose RHEL-7.7-20190430.1 (RHEL-7.7-Alpha-1.1) with latest-EXTRAS-7-RHEL-7

FIRST I WILL INSTALL dnf PACKAGES FROM latest-EXTRAS-7-RHEL-7 (NOT SHOWN)

[root@amd-pike-06 ~]# rpm -qa | egrep "dnf|subscription-manager" | sort
dnf-4.0.9.2-1.el7_6.noarch
dnf-data-4.0.9.2-1.el7_6.noarch
dnf-plugin-subscription-manager-1.24.4-1.el7.x86_64
libdnf-0.22.5-1.el7_6.x86_64
python2-dnf-4.0.9.2-1.el7_6.noarch
python2-dnf-plugins-core-4.0.2.2-3.el7_6.noarch
python2-libdnf-0.22.5-1.el7_6.x86_64
subscription-manager-1.24.4-1.el7.x86_64
subscription-manager-cockpit-1.24.4-1.el7.noarch
subscription-manager-gui-1.24.4-1.el7.x86_64
subscription-manager-initial-setup-addon-1.24.4-1.el7.x86_64
subscription-manager-migration-1.24.4-1.el7.x86_64
subscription-manager-migration-data-2.0.45-1.el7.noarch
subscription-manager-plugin-container-1.24.4-1.el7.x86_64
subscription-manager-plugin-ostree-1.24.4-1.el7.x86_64
subscription-manager-rhsm-1.24.4-1.el7.x86_64
subscription-manager-rhsm-certificates-1.24.4-1.el7.x86_64

NEXT I WILL DISABLE THE SUBSCRIPTION-MANAGER YUM PLUGIN BECAUSE WE WANT TO TEST DNF (NOT YUM!) ON RHEL7

[root@amd-pike-06 ~]# vi /etc/yum/pluginconf.d/subscription-manager.conf
[root@amd-pike-06 ~]# cat /etc/yum/pluginconf.d/subscription-manager.conf
[main]
enabled=0
[root@amd-pike-06 ~]# vi /etc/yum/pluginconf.d/product-id.conf 
[root@amd-pike-06 ~]# cat /etc/yum/pluginconf.d/product-id.conf 
[main]
enabled=0
[root@amd-pike-06 ~]# 
[root@amd-pike-06 ~]# subscription-manager config --rhsm.auto_enable_yum_plugins=0

NOW LET'S REGISTER AND BE GRANTED AN ENTITLEMENT FOR RHEL WITH ACCESS TO RHSCL

[root@amd-pike-06 ~]# subscription-manager register --serverurl=subscription.rhsm.stage.redhat.com --username=qa --auto-attach
Registering to: subscription.rhsm.stage.redhat.com:443/subscription
Password: 
The system has been registered with ID: 80199c7f-7a45-46d1-976e-e47bfb3e3579
The registered system name is: amd-pike-06.khw2.lab.eng.bos.redhat.com
Installed Product Current Status:
Product Name: Red Hat Enterprise Linux Server
Status:       Subscribed

[root@amd-pike-06 ~]# subscription-manager repos --enable=rhel-server-rhscl-7-rpms
Repository 'rhel-server-rhscl-7-rpms' is enabled for this system.

[root@amd-pike-06 ~]# dnf repolist --disablerepo=beaker*
Updating Subscription Management repositories.
Red Hat Software Collections RPMs for Red Hat E  21 MB/s |  21 MB     00:01    
Red Hat Enterprise Linux 7 Server (RPMs)         24 MB/s |  70 MB     00:02    
Last metadata expiration check: 0:00:08 ago on Thu 02 May 2019 04:12:22 PM EDT.
repo id                  repo name                                        status
rhel-7-server-rpms       Red Hat Enterprise Linux 7 Server (RPMs)         24,120
rhel-server-rhscl-7-rpms Red Hat Software Collections RPMs for Red Hat En 10,988
[root@amd-pike-06 ~]# 

[root@amd-pike-06 ~]# subscription-manager list --installed
+-------------------------------------------+
    Installed Product Status
+-------------------------------------------+
Product Name:   Red Hat Enterprise Linux Server
Product ID:     69
Version:        7.7 Beta
Arch:           x86_64
Status:         Subscribed
Status Details: 
Starts:         11/20/2012
Ends:           12/31/2021

NOW LETS INSTALL A PKG FROM rhel-server-rhscl-7-rpms AND OBSERVER PRODUCT 201 GETS INSTALLED

[root@amd-pike-06 ~]# dnf install devtoolset-3-apache-commons-el-javadoc-1.0-30* --disablerepo=beaker*
Updating Subscription Management repositories.
Last metadata expiration check: 0:05:35 ago on Thu 02 May 2019 04:12:22 PM EDT.
Dependencies resolved.
================================================================================
 Package                     Arch   Version      Repository                Size
================================================================================
Installing:
 devtoolset-3-apache-commons-el-javadoc
                             noarch 1.0-30.el7   rhel-server-rhscl-7-rpms 107 k
Installing dependencies:
 javapackages-tools          noarch 3.4.1-11.el7 rhel-7-server-rpms        73 k
 python-javapackages         noarch 3.4.1-11.el7 rhel-7-server-rpms        31 k

Transaction Summary
================================================================================
Install  3 Packages

Total download size: 211 k
Installed size: 1.8 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): python-javapackages-3.4.1-11.el7.noarch.  81 kB/s |  31 kB     00:00    
(2/3): devtoolset-3-apache-commons-el-javadoc-1 254 kB/s | 107 kB     00:00    
(3/3): javapackages-tools-3.4.1-11.el7.noarch.r 160 kB/s |  73 kB     00:00    
--------------------------------------------------------------------------------
Total                                           460 kB/s | 211 kB     00:00     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Installing       : python-javapackages-3.4.1-11.el7.noarch                1/3 
  Installing       : javapackages-tools-3.4.1-11.el7.noarch                 2/3 
  Installing       : devtoolset-3-apache-commons-el-javadoc-1.0-30.el7.no   3/3 
  Verifying        : devtoolset-3-apache-commons-el-javadoc-1.0-30.el7.no   1/3 
  Verifying        : javapackages-tools-3.4.1-11.el7.noarch                 2/3 
  Verifying        : python-javapackages-3.4.1-11.el7.noarch                3/3 
Installed products updated.

Installed:
  devtoolset-3-apache-commons-el-javadoc-1.0-30.el7.noarch                      
  javapackages-tools-3.4.1-11.el7.noarch                                        
  python-javapackages-3.4.1-11.el7.noarch                                       

Complete!
[root@amd-pike-06 ~]# 
[root@amd-pike-06 ~]# subscription-manager list --installed
+-------------------------------------------+
    Installed Product Status
+-------------------------------------------+
Product Name:   Red Hat Software Collections (for RHEL Server)
Product ID:     201
Version:        3
Arch:           x86_64
Status:         Subscribed
Status Details: 
Starts:         11/20/2012
Ends:           12/31/2021

Product Name:   Red Hat Enterprise Linux Server
Product ID:     69
Version:        7.7 Beta
Arch:           x86_64
Status:         Subscribed
Status Details: 
Starts:         11/20/2012
Ends:           12/31/2021

[root@amd-pike-06 ~]# ls /etc/pki/product*
/etc/pki/product:
201.pem

/etc/pki/product-default:
69.pem

VERIFIED:  INSTALLATION OF A PACKAGE FROM rhel-server-rhscl-7-rpms ALSO INSTALLED THE CORRESPONDING PRODUCT CERT 201.pem

NOW LET'S REMOVE THE PACKAGE...

[root@amd-pike-06 ~]# dnf remove devtoolset-3-apache-commons-el-javadoc-1.0-30* --disablerepo=beaker*
Updating Subscription Management repositories.
Dependencies resolved.
================================================================================
 Package                    Arch   Version      Repository                 Size
================================================================================
Removing:
 devtoolset-3-apache-commons-el-javadoc
                            noarch 1.0-30.el7   @rhel-server-rhscl-7-rpms 1.6 M
Removing unused dependencies:
 javapackages-tools         noarch 3.4.1-11.el7 @rhel-7-server-rpms       156 k
 python-javapackages        noarch 3.4.1-11.el7 @rhel-7-server-rpms        65 k

Transaction Summary
================================================================================
Remove  3 Packages

Freed space: 1.8 M
Is this ok [y/N]: y
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Erasing          : devtoolset-3-apache-commons-el-javadoc-1.0-30.el7.no   1/3 
  Erasing          : javapackages-tools-3.4.1-11.el7.noarch                 2/3 
  Erasing          : python-javapackages-3.4.1-11.el7.noarch                3/3 
  Verifying        : devtoolset-3-apache-commons-el-javadoc-1.0-30.el7.no   1/3 
  Verifying        : javapackages-tools-3.4.1-11.el7.noarch                 2/3 
  Verifying        : python-javapackages-3.4.1-11.el7.noarch                3/3 
Installed products updated.

Removed:
  devtoolset-3-apache-commons-el-javadoc-1.0-30.el7.noarch                      
  javapackages-tools-3.4.1-11.el7.noarch                                        
  python-javapackages-3.4.1-11.el7.noarch                                       

Complete!

[root@amd-pike-06 ~]# subscription-manager list --installed
+-------------------------------------------+
    Installed Product Status
+-------------------------------------------+
Product Name:   Red Hat Enterprise Linux Server
Product ID:     69
Version:        7.7 Beta
Arch:           x86_64
Status:         Subscribed
Status Details: 
Starts:         11/20/2012
Ends:           12/31/2021

[root@amd-pike-06 ~]# ls /etc/pki/product*
/etc/pki/product:

/etc/pki/product-default:
69.pem

VERIFIED: WITH THE REMOVAL OF THE ONLY PACKAGE ON THE SYSTEM PROVIDED BY THE rhel-server-rhscl-7-rpms REPO, THE PRODUCTID CERT (201.pem) CORRESPONDING TO THAT REPO WAS ALSO REMOVED.



[root@amd-pike-06 ~]# tail -f /var/log/rhsm/rhsm.log 

2019-05-02 16:21:03,692 [DEBUG] dnf:13245:MainThread @product-id.py:52 - Adding productid metadata type to download for repo: rhel-server-rhscl-7-rpms
2019-05-02 16:21:03,693 [DEBUG] dnf:13245:MainThread @product-id.py:52 - Adding productid metadata type to download for repo: rhel-7-server-rpms
2019-05-02 16:21:25,617 [WARNING] dnf:13245:MainThread @logutil.py:142 - logging already initialized
2019-05-02 16:21:25,620 [DEBUG] dnf:13245:MainThread @plugins.py:571 - loaded plugin modules: [<module 'container_content' from '/usr/share/rhsm-plugins/container_content.pyc'>, <module 'ostree_content' from '/usr/share/rhsm-plugins/ostree_content.pyc'>]
2019-05-02 16:21:25,620 [DEBUG] dnf:13245:MainThread @plugins.py:572 - loaded plugins: {'container_content.ContainerContentPlugin': <container_content.ContainerContentPlugin object at 0x7f763e699190>, 'ostree_content.OstreeContentPlugin': <ostree_content.OstreeContentPlugin object at 0x7f763e698990>}
2019-05-02 16:21:25,620 [DEBUG] dnf:13245:MainThread @product-id.py:103 - Getting productid cert for repo: rhel-server-rhscl-7-rpms
2019-05-02 16:21:25,620 [DEBUG] dnf:13245:MainThread @product-id.py:105 - Content of productid cert: 
2019-05-02 16:21:25,620 [DEBUG] dnf:13245:MainThread @product-id.py:113 - Unable to load product id cert
2019-05-02 16:21:25,621 [DEBUG] dnf:13245:MainThread @product-id.py:103 - Getting productid cert for repo: rhel-7-server-rpms
2019-05-02 16:21:25,621 [DEBUG] dnf:13245:MainThread @product-id.py:105 - Content of productid cert: 
2019-05-02 16:21:25,621 [DEBUG] dnf:13245:MainThread @product-id.py:113 - Unable to load product id cert
2019-05-02 16:21:25,622 [DEBUG] dnf:13245:MainThread @product-id.py:185 - Wrote cache: /var/lib/rhsm/cache/productid_repo_mapping.json
2019-05-02 16:21:25,884 [DEBUG] dnf:13245:MainThread @productid.py:652 - Checking for product certs to remove. Active include: set([u'rhel-7-server-rpms'])
2019-05-02 16:21:25,997 [DEBUG] dnf:13245:MainThread @productid.py:663 - Skipping prod. cert.: /etc/pki/product-default/69.pem in protected directory
2019-05-02 16:21:25,998 [INFO] dnf:13245:MainThread @productid.py:717 - None of the repos for 201 are active: [u'rhel-server-rhscl-7-rpms']
2019-05-02 16:21:25,998 [INFO] dnf:13245:MainThread @productid.py:718 - product cert 201 for 201 is being deleted
2019-05-02 16:21:25,998 [DEBUG] dnf:13245:MainThread @productid.py:432 - Checking for product id certs to install or update.
2019-05-02 16:21:25,998 [DEBUG] dnf:13245:MainThread @productid.py:437 - active set([u'rhel-7-server-rpms'])
2019-05-02 16:21:25,998 [DEBUG] dnf:13245:MainThread @productid.py:438 - enabled [(<rhsm.certificate2.ProductCertificate object at 0x7f763e6a4610>, 'rhel-server-rhscl-7-rpms'), (<rhsm.certificate2.ProductCertificate object at 0x7f763e6af150>, 'rhel-7-server-rpms')]
2019-05-02 16:21:25,998 [DEBUG] dnf:13245:MainThread @productid.py:454 - product cert: 201 repo: rhel-server-rhscl-7-rpms
2019-05-02 16:21:25,998 [DEBUG] dnf:13245:MainThread @productid.py:454 - product cert: 69 repo: rhel-7-server-rpms
2019-05-02 16:21:25,999 [DEBUG] dnf:13245:MainThread @productid.py:514 - Latest version of product cert for Red Hat Enterprise Linux Server 7.6 is already installed, not updating
2019-05-02 16:21:25,999 [DEBUG] dnf:13245:MainThread @productid.py:570 - about to run post_product_id_install
2019-05-02 16:21:25,999 [DEBUG] dnf:13245:MainThread @productid.py:581 - about to run post_product_id_update
Comment 10 errata-xmlrpc 2019-08-06 16:50:12 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2365
Comment 11 Red Hat Bugzilla 2023-09-14 04:33:29 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days