Bug 2227019

Summary: rhc fails to retrieve the system profile
Product: Red Hat Enterprise Linux 8 Reporter: Alba Hita <ahitacat>
Component: rhc Assignee: CSI Client Tools Bugs <csi-client-tools-bugs>
Status: CLOSED ERRATA QA Contact: CSI Client Tools Bugs <csi-client-tools-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.9 CC: arpandey, cmarinea, csi-client-tools-bugs, qianzhan, zpetrace
Target Milestone: rc Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: rhc-0.2.4-1.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2227012 Environment:
Last Closed: 2023-11-14 15:36:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2227012    
Bug Blocks:    

Description Alba Hita 2023-07-27 13:05:55 UTC
+++ This bug was initially created as a clone of Bug #2227012 +++

Description of problem:
When rhc cannot retrieve the profile it will debug this failure, but the execution will fail without any error.

rhc should not end with a 1 status if it is connected to rhsm and insights.



Version-Release number of selected component (if applicable):
rhc-0.2.2-1.el9

How reproducible:
Always


Actual results:
>>> rhc connect
Connecting localhost.localdomain to Red Hat.
This might take a few seconds.
● Connected to Red Hat Subscription Management
● Connected to Red Hat Insights
● Activated the Remote Host Configuration daemon
Successfully connected to Red Hat!
Manage your connected systems: https://red.ht/connector
The following errors were encountered during connect:
STEP ERROR 
Remote Host Configuration Cannot get the user profile: Get "https://subscription.rhsm.stage.redhat.com/redhat_access/r/insights/platform/config-manager/v2/profiles/current": x509: certificate signed by unknown authority
echo $?
1

Expected results:
>>> rhc connect
Connecting localhost.localdomain to Red Hat.
This might take a few seconds.
● Connected to Red Hat Subscription Management
● Connected to Red Hat Insights
● Activated the Remote Host Configuration daemon
Successfully connected to Red Hat!
Manage your connected systems: https://red.ht/connector
The following errors were encountered during connect:
STEP ERROR 
Remote Host Configuration Cannot get the user profile: Get "https://subscription.rhsm.stage.redhat.com/redhat_access/r/insights/platform/config-manager/v2/profiles/current": x509: certificate signed by unknown authority
echo $?
0
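
The behaviour requested above, sketched in Go as an added example (not rhc's source code): a failed profile lookup is kept as a WARN row and only ERROR rows set exit status 1. The StepError type, the function names and the "ERROR" level are assumptions made for illustration; the error value is constructed to match the message in this report.

```go
package main

import (
	"crypto/x509"
	"errors"
	"fmt"
	"net/url"
	"os"
)

// WARN rows are only reported; "ERROR" is an assumed name for a fatal row.
const Warn, Fatal = "WARN", "ERROR"

// StepError is a hypothetical row of the "errors encountered during connect" table.
type StepError struct {
	Level, Step string
	Err         error
}

// IsUntrustedCA walks the wrapped error chain instead of matching message text.
func IsUntrustedCA(err error) bool {
	var ua x509.UnknownAuthorityError
	return errors.As(err, &ua)
}

// ExitCode returns 1 only when some row is fatal; warnings never fail the command.
func ExitCode(rows []StepError) int {
	for _, r := range rows {
		if r.Level == Fatal {
			return 1
		}
	}
	return 0
}

// ProfileError is a constructed stand-in for the failure quoted in this report.
func ProfileError() error {
	u := "https://subscription.rhsm.stage.redhat.com/redhat_access/r/insights/platform/config-manager/v2/profiles/current"
	return fmt.Errorf("cannot get the user profile: %w",
		&url.Error{Op: "Get", URL: u, Err: x509.UnknownAuthorityError{}})
}

func main() {
	rows := []StepError{{Warn, "rhc", ProfileError()}}
	for _, r := range rows {
		fmt.Printf("%s  %s  %v  (untrusted CA: %t)\n", r.Level, r.Step, r.Err, IsUntrustedCA(r.Err))
	}
	os.Exit(ExitCode(rows))
}
```

Classifying the failure with errors.As leaves certificate verification untouched: the untrusted-CA condition is still detected and reported, it just no longer decides the exit status.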

Comment 1 qianzhan 2023-08-01 07:13:36 UTC
Pre-verification:

1. Provision RHEL-8.9.0-20230731.d.62-BaseOS-x86_64 in beaker.


2. Update rhc:

[root@dell-per740-68-vm-07 ~]# rpm -qa | grep rhc
rhc-0.2.2-1.el8.x86_64

 
[root@dell-per740-68-vm-07 ~]# dnf update --repoid=copr:copr.devel.redhat.com:ahitacat:rhc
…
…
Installed products updated.
Upgraded:
  rhc-1:0.2.4-0.3.git.4dc7e38.el8.x86_64
Complete!

[root@dell-per740-68-vm-07 ~]# rpm -qa | grep rhc
rhc-0.2.4-0.3.git.4dc7e38.el8.x86_64

 
3. Configure rhc to connect Stage:

[root@dell-per740-68-vm-07 ~]# cat /etc/rhc/config.toml 
# yggdrasil global configuration settings
broker = ["wss://connect.cloud.stage.redhat.com:443"]
data-host = "cert.cloud.stage.redhat.com"
log-level = "debug"
cert-file = "/etc/pki/consumer/cert.pem"
key-file = "/etc/pki/consumer/key.pem" 


[root@dell-per740-68-vm-07 ~]# subscription-manager config --server.hostname=subscription.rhsm.stage.redhat.com


4. To reproduce the 'x509: certificate signed by unknown authority' issue, make sure base_url is not specified:

[root@dell-per740-68-vm-07 ~]# cat /etc/insights-client/insights-client.conf | grep base_url
#base_url=cert-api.access.redhat.com:443/r/insights 


5. Connect the system by rhc:
[root@dell-per740-68-vm-07 ~]# rhc connect
Connecting dell-per740-68-vm-07.lab.eng.pek2.redhat.com to Red Hat.
This might take a few seconds.
Username: insights-qa
Password: 
● Connected to Red Hat Subscription Management
● Connected to Red Hat Insights
● Activated the rhc daemon

Successfully connected to Red Hat!

Manage your connected systems: https://red.ht/connector

STEP      DURATION  
rhsm      22.901s   
insights  40.006s   
rhc       22ms      

The following errors were encountered during connect:

TYPE  STEP  ERROR  
WARN  rhc   cannot get the user profile: Get "https://subscription.rhsm.stage.redhat.com/redhat_access/r/insights/platform/config-manager/v2/profiles/current": tls: failed to verify certificate: x509: certificate signed by unknown authority
[root@dell-per740-68-vm-07 ~]# echo $?
0


As per step 5, return code is 0 when the system is connected to both RHSM and insights. So set the bug verified:tested.

Comment 4 Zdenek Petracek 2023-08-21 16:15:44 UTC
rhc version:
[root@kvm-02-guest04 ~]# rpm -qa | grep rhc
rhc-0.2.4-1.el8.x86_64

[root@kvm-02-guest04 ~]# subscription-manager config --server.hostname=subscription.rhsm.stage.redhat.com

[root@kvm-02-guest04 ~]# subscription-manager register
Registering to: subscription.rhsm.stage.redhat.com:443/subscription
Username: zpetracek
Password: 
The system has been registered with ID: a47124b9-bc27-471e-8760-b3c6169e1c12
The registered system name is: kvm-02-guest04.rhts.eng.brq.redhat.com

[root@kvm-02-guest04 ~]# subscription-manager repos --list-enabled
+----------------------------------------------------------+
    Available Repositories in /etc/yum.repos.d/redhat.repo
+----------------------------------------------------------+
Repo ID:   rhel-8-for-x86_64-appstream-beta-rpms
Repo Name: Red Hat Enterprise Linux 8 for x86_64 - AppStream Beta (RPMs)
Repo URL:  https://cdn.redhat.com/content/beta/rhel8/8/x86_64/appstream/os
Enabled:   1

Repo ID:   rhel-8-for-x86_64-baseos-beta-rpms
Repo Name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS Beta (RPMs)
Repo URL:  https://cdn.redhat.com/content/beta/rhel8/8/x86_64/baseos/os
Enabled:   1

[root@kvm-02-guest04 ~]# dnf -y update

[root@kvm-02-guest04 ~]# dnf -y install rhc-worker-playbook
Updating Subscription Management repositories.
Last metadata expiration check: 0:00:51 ago on Mon 21 Aug 2023 03:30:08 PM CEST.
Dependencies resolved.
======================================================================================
 Package                        Arch      Version           Repository           Size
======================================================================================
Installing:
 rhc-worker-playbook            x86_64    0.1.8-5.el8       beaker-AppStream     10 M
...
Installed:
  ansible-core-2.15.2-1.el8.x86_64                                                    
  git-core-2.39.3-1.el8_8.x86_64                                                      
  mpdecimal-2.5.1-3.el8.x86_64                                                        
  python3.11-3.11.4-4.el8.x86_64                                                      
  python3.11-cffi-1.15.1-1.el8.x86_64                                                 
  python3.11-cryptography-37.0.2-5.el8.x86_64                                         
  python3.11-libs-3.11.4-4.el8.x86_64                                                 
  python3.11-pip-wheel-22.3.1-4.el8.noarch                                            
  python3.11-ply-3.11-1.el8.noarch                                                    
  python3.11-pycparser-2.20-1.el8.noarch                                              
  python3.11-pyyaml-6.0-1.el8.x86_64                                                  
  python3.11-setuptools-wheel-65.5.1-2.el8.noarch                                     
  rhc-worker-playbook-0.1.8-5.el8.x86_64                                              
  sshpass-1.09-4.el8.x86_64                                                           

Complete!


[root@kvm-02-guest04 ~]# cat /etc/rhc/config.toml 
# rhc global configuration settings

broker = ["wss://connect.cloud.stage.redhat.com:443"]
data-host = "cert.cloud.stage.redhat.com"
log-level = "debug"  # optional

cert-file = "/etc/pki/consumer/cert.pem"
key-file = "/etc/pki/consumer/key.pem"

[root@kvm-02-guest04 ~]# cat /etc/insights-client/insights-client.conf | grep base_url
#base_url=cert-api.access.redhat.com:443/r/insights

[root@kvm-02-guest04 ~]# rhc connect
Connecting kvm-02-guest04.rhts.eng.brq.redhat.com to Red Hat.
This might take a few seconds.

● This system is already connected to Red Hat Subscription Management
● Connected to Red Hat Insights
● Activated the Remote Host Configuration daemon

Successfully connected to Red Hat!

Manage your connected systems: https://red.ht/connector

STEP                       DURATION  
Remote Host Configuration  159ms     
rhsm                       666ms     
insights                   44.715s   

The following errors were encountered during connect:

TYPE  STEP                       ERROR  
WARN  Remote Host Configuration  cannot get the user profile: Get "https://subscription.rhsm.stage.redhat.com/redhat_access/r/insights/platform/config-manager/v2/profiles/current": tls: failed to verify certificate: x509: certificate signed by unknown authority
[root@kvm-02-guest04 ~]# echo $?
0
^^ Error message was present and exit code is 0 --> VERIFICATION PASSED

Comment 6 errata-xmlrpc 2023-11-14 15:36:50 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: rhc security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:7058