Bug 664575
| Summary: | Packages install out of compliance | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | J.C. Molet <jmolet> | ||||||
| Component: | subscription-manager | Assignee: | Dennis Gregorovic <dgregor> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | John Sefler <jsefler> | ||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | low | ||||||||
| Version: | 6.1 | CC: | dgoodwin | ||||||
| Target Milestone: | rc | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2011-05-19 13:38:20 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 639436 | ||||||||
| Attachments: |
|
||||||||
|
Description
J.C. Molet
2010-12-20 19:53:08 UTC
Ok so the Load Balancer product in the screenshot was not installed prior to the yum groupinstall run above.
Important thing to note, yum cannot make you compliant. It can install new products which can result in new product certs on the machine (as in this case). To be compliant however you must use Subscription Manager or some other tool to grab an entitlement which provides access to the product you just installed.
So I suspect what we are seeing here may be correct behavior, you installed something you don't have a subscription for, so once installed it is not compliant, and you have no subscriptions which could make it compliant, thus why that list is empty.
We do need to check:
(a) Should it be possible to install this Load Balancer product via yum. (what repo is it coming from? why can we access the content if we don't have an entitlement for it?)
(b) Should this alpha entitlement subscription actually be configured to provide the load balancer product:
ProductName: Red Hat Enterprise Linux Entitlement Beta (1-2 Sockets)
(Unlimited Virtualization)
ProductId: RH3036913
PoolId: 8a878c912ceba4d7012cf54eaec5064d
I misunderstood somewhat, the expectation isn't that yum would install a new product and make you compliant, rather that if yum can install something, should it be compliant already given that the content was available in the first place? (b) No, dont need it for alpha. The beta sku should allow it tho. on (a) if the subscripion allows it, we should. I would assume if the beta exposes 4 products, one of which is LB, then installing LB should make make the numbers go to 2 of 4. I think we should show 2 of 4 as "compliant" howeverr. --b k More debugging info, it seems like the entitlement cert does not provide the correct products to match what is coming down in the product certs when something is yum installed:
The product cert for RHEL: (note this says Alpha, the subscription says Beta)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
1.3.6.1.4.1.2312.9.1.406.1:
.,Red Hat Enterprise Linux 6 Entitlement Alpha
1.3.6.1.4.1.2312.9.1.406.2:
..
1.3.6.1.4.1.2312.9.1.406.3:
..
1.3.6.1.4.1.2312.9.1.406.4:
..
The product cert for load balancer:
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
1.3.6.1.4.1.2312.9.1.408.1:
.?Red Hat Enterprise Linux Load Balancer (for RHEL 6 Entitlement)
1.3.6.1.4.1.2312.9.1.408.2:
..
1.3.6.1.4.1.2312.9.1.408.3:
..
1.3.6.1.4.1.2312.9.1.408.4:
I will attach the extensions for the entitlement cert because it's pretty huge bug the key things, I think there may be confusion on the product hashes vs content set IDs.
After the yum group install, he gets two product certs for 406 and 408. The entitlement does not provide either of these. 408 does appear as a content set ID, though for scalable file system, not load balancing. Similarly 406 is there as a content ID, but also for scalable file system rather than RHEL.
In the entitlement cert, it looks like RHEL 6 product ID should be 37, and load balancer product ID should be 47.
1.3.6.1.4.1.2312.9.1.37.1:
.&Red Hat Enterprise Linux 6 Entitlement
1.3.6.1.4.1.2312.9.1.47.1:
.?Red Hat Enterprise Linux Load Balancer (for RHEL 6 Entitlement)
But the product certs are for 406 and 408.
Created attachment 470276 [details]
Entitlement certificate extensions.
Assigning to Dennis, he thinks it should be fixed now, can we get a re-test? Tests now pass, all packages installed from subscription repos install under compliance. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2011-0611.html |