Bug 2225406

Summary: Can not re-register with --force after deleting consumer certs against satellite614
Product: Red Hat Satellite Reporter: qianzhan
Component: Hosts - ContentAssignee: Jeremy Lenz <jlenz>
Status: CLOSED ERRATA QA Contact: qianzhan
Severity: medium Docs Contact:
Priority: medium    
Version: 6.14.0CC: ahumbe, crog, jlenz, lstejska, nmoumoul, rlavi, zhunting
Target Milestone: 6.14.0Keywords: Regression, Triaged, WorkAround
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: rubygem-katello-4.9.0.13-1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-11-08 14:20:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description qianzhan 2023-07-25 09:14:54 UTC 
Description of problem:
Can not re-register with --force after deleting consumer certs against satellite614

Version-Release number of selected component (if applicable):
katello-4.9.0-1.el8sat.noarch
candlepin-4.3.1-1.el8sat.noarch

How reproducible:
always

Steps to Reproduce:
1. Register RHEL-8.9.0-20230718.23 against satellite6.14 snap 8.0:

[root@koza-3 ~]# subscription-manager register --username=admin --password=admin  --org=sca_org --environment=Library
Registering to: dell-per740-68-vm-07.lab.eng.pek2.redhat.com:443/rhsm
The system has been registered with ID: e6798835-4cf6-4472-a0f9-c4848bc6e5d8
The registered system name is: koza-3.4a2m.lab.eng.bos.redhat.com

[root@koza-3 ~]# ls /etc/pki/entitlement/
5262642170835786293-key.pem  5262642170835786293.pem

[root@koza-3 ~]# ls /etc/pki/consumer/
cert.pem  key.pem


2. Remove the consumer certs, and re-register with --force:

[root@koza-3 ~]# rm -rf /etc/pki/consumer/*

[root@koza-3 ~]# ls /etc/pki/consumer/

[root@koza-3 ~]# subscription-manager register --force --username=admin --password=admin  --org=sca_org --environment=Library
Registering to: dell-per740-68-vm-07.lab.eng.pek2.redhat.com:443/rhsm
Unit e6798835-4cf6-4472-a0f9-c4848bc6e5d8 has been deleted (HTTP error code 410: Gone)



3. Check the rhsm.log:
2023-07-25 05:03:55,584 [INFO] subscription-manager:76316:MainThread @managerlib.py:72 - Consumer created: koza-3.4a2m.lab.eng.bos.redhat.com (e6798835-4cf6-4472-a0f9-c4848bc6e5d8)
2023-07-25 05:04:01,131 [INFO] subscription-manager:76316:MainThread @entcertlib.py:132 - certs updated:
Total updates: 1
Found (local) serial# []
Expected (UEP) serial# [5262642170835786293]
Added (new)
  [sn:5262642170835786293 ( Content Access,) @ /etc/pki/entitlement/5262642170835786293.pem]
Deleted (rogue):
  <NONE>
2023-07-25 05:05:33,424 [ERROR] subscription-manager:76549:MainThread @managercli.py:2043 - HTTP error (410 - Gone): Unit e6798835-4cf6-4472-a0f9-c4848bc6e5d8 has been deleted
Traceback (most recent call last):
  File "/usr/lib64/python3.6/site-packages/subscription_manager/managercli.py", line 2040, in _do_command
    service_level=self.options.service_level,
  File "/usr/lib64/python3.6/site-packages/rhsmlib/services/register.py", line 111, in register
    jwt_token=jwt_token
  File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 1211, in registerConsumer
    return self.conn.request_post(url, params, headers=headers)
  File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 992, in request_post
    return self._request("POST", method, params, headers=headers)
  File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 1022, in _request
    info=info, headers=headers, cert_key_pairs=cert_key_pairs)
  File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 870, in _request
    self.validateResponse(result, request_type, handler)
  File "/usr/lib64/python3.6/site-packages/rhsm/connection.py", line 914, in validateResponse
    parsed['deletedId'])
rhsm.connection.GoneException: HTTP error (410 - Gone): Unit e6798835-4cf6-4472-a0f9-c4848bc6e5d8 has been deleted
[root@koza-3 ~]# 

Actual results:
As step 2, re-register failed.

Expected results:
Re-register should succeed.

Additional info:
It is successful to re-register rhel against satellite6.13:

(1)
katello-4.7.0-1.el8sat.noarch
candlepin-4.2.15-1.el8sat.noarch

(2)
[root@sweetpig-21 ~]# subscription-manager register --username=admin --password=admin  --org=sca_org --environment=Library
Registering to: dell-per740-68-vm-05.lab.eng.pek2.redhat.com:443/rhsm
The system has been registered with ID: 8aa64c47-a8ad-494a-8d7a-4301f0f1bde5
The registered system name is: sweetpig-21.4a2m.lab.eng.bos.redhat.com

[root@sweetpig-21 ~]# ls /etc/pki/consumer/
cert.pem  key.pem
[root@sweetpig-21 ~]# rm -rf /etc/pki/consumer/*

[root@sweetpig-21 ~]# subscription-manager register --force --username=admin --password=admin  --org=sca_org --environment=Library

Registering to: dell-per740-68-vm-05.lab.eng.pek2.redhat.com:443/rhsm
The system has been registered with ID: 23d75fed-3cf1-4432-bc45-ed4a08339f6b
The registered system name is: sweetpig-21.4a2m.lab.eng.bos.redhat.com
1 local certificate has been deleted.

[root@sweetpig-21 ~]# subscription-manager  identity
system identity: 23d75fed-3cf1-4432-bc45-ed4a08339f6b
name: sweetpig-21.4a2m.lab.eng.bos.redhat.com
org name: sca_org
org ID: sca_org
environment name: Library
Comment 2 Leos Stejskal 2023-08-01 05:54:25 UTC 
I think it's a valid issue, if the user is re-registering the host we should not care about previous certificates.
Can you please upload logs from the Satellite?
Comment 3 qianzhan 2023-08-01 08:05:51 UTC 
Hi Leos, please check attachment 'sosreport-satellite614-2023-08-01-smhixfx.tar.xz'
Comment 5 Leos Stejskal 2023-08-02 08:06:34 UTC 
From a quick look the error is coming from Candlepin:
```
2023-08-01T03:47:13 [E|app|b2a936fe] RestClient::Gone: Katello::Resources::Candlepin::Consumer: 410 Gone {"displayMessage":"Unit e712063a-c5f6-47e4-a848-2fa8d7b8915f has been deleted","requestUuid":"c933aafd-6c6a-48cf-a700-5d0f09b8f1c1","deletedId":"e712063a-c5f6-47e4-a848-2fa8d7b8915f"} (PUT /candlepin/consumers/e712063a-c5f6-47e4-a848-2fa8d7b8915f)
 b2a936fe | Body: {"displayMessage":"Unit e712063a-c5f6-47e4-a848-2fa8d7b8915f has been deleted","requestUuid":"c933aafd-6c6a-48cf-a700-5d0f09b8f1c1","deletedId":"e712063a-c5f6-47e4-a848-2fa8d7b8915f"}
 b2a936fe | 
```
Comment 11 Jeremy Lenz 2023-08-11 14:53:57 UTC 
Created redmine issue https://projects.theforeman.org/issues/36674 from this bug
Comment 12 Jeremy Lenz 2023-08-11 19:35:46 UTC 
Workaround is to run the registration again. It will succeed the second time.
Comment 17 errata-xmlrpc 2023-11-08 14:20:07 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.14 security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:6818