Bug 655127

Summary: RHUI 1.2 Updates: Entitlement Certificate Note
Product: Red Hat Update Infrastructure for Cloud Providers Reporter: Jay Dobies <jason.dobies>
Component: DocumentationAssignee: Lana Brindley <lbrindle>
Status: CLOSED CURRENTRELEASE QA Contact: ecs-bugs
Severity: medium Docs Contact:
Priority: low    
Version: 1.1CC: mhideo
Target Milestone: ---Keywords: Documentation
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-12-13 23:18:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 649091    

Description Jay Dobies 2010-11-19 17:01:06 UTC 
I'm not entirely sure where to put this.

When creating entitlement certificates, we allow the customer to select a subset of the overall product entitlements granted to them (this is already in the docs, or at least there's already a bugzilla describing it).

The common use case will be that we give them a certificate that grants access to both RHEL 5 and RHEL 6. That means the RHUI will serve both versions in the yum repos.

However, we don't want clients accessing both at the same time. This is where the drive for the entitlement certificate product selection came from. The customer should make one entitlement certificate for RHEL 5 and a different one for RHEL 6, then making sure to deploy the correct one on the client instances depending on version.

Bad things would happen if they made a client RPM that was configured to download from both RHEL 5 and 6.

So we should probably note that, since it's going to be a common enough scenario that cloud providers find themselves in.
Comment 1 Lana Brindley 2010-11-21 20:28:18 UTC 
Added to content spec - Entitlement Certificates.

LKB
Comment 2 Lana Brindley 2010-11-22 10:17:34 UTC 
<important>
	<title>Important</title>
	<para>
		Once you have been granted a certificate, ensure that clients are only able to access one at a time. Only allow client instances to download the certificate they require for their version of the image, and no other certificates.
	</para>
</important>

Revision 0-4.

LKB
Comment 4 Lana Brindley 2010-12-12 20:26:38 UTC 
Fixed in another BZ.

LKB
Comment 5 Lana Brindley 2010-12-13 23:18:06 UTC 
Published 14 December 2010: http://docs.redhat.com/docs/en-US/Red_Hat_Update_Infrastructure/1.2/html/Installation_Guide/index.html

Please raise any issues as new bugs against this live version.

Thanks,
LKB