Bug 671246
Summary: | Compliance Assistant not doing anything | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | J.C. Molet <jmolet> |
Component: | subscription-manager | Assignee: | Devan Goodwin <dgoodwin> |
Status: | CLOSED ERRATA | QA Contact: | J.C. Molet <jmolet> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.1 | CC: | bkearney, dgoodwin, jesusr, jsefler |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-05-19 13:39:04 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 639436 |
Description
J.C. Molet
2011-01-20 20:48:12 UTC
This functionality appears healthy in subscription manager, probably an issue with the data in your certs. Will need more information: - What is the pool you were subscribing too. - What is the product you were installing via yum. - What certificates were in /etc/pki/product/ at the time you launched compliance assistant. Output of "openssl x509 -text -in file.pem" may be required for each. Thanks! pool=8a8aa80d2d960061012d99b15db400e0 yum install zsh [root@jmolet-vm2 rhsm]# ls /etc/pki/product/ 3.pem [root@jmolet-vm2 rhsm]# openssl x509 -text -in /etc/pki/product/3.pem Certificate: Data: Version: 3 (0x2) Serial Number: b0:f1:44:bb:7f:b5:49:04 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=North Carolina, O=Red Hat, Inc., OU=Red Hat Network, CN=Red Hat Entitlement Product Authority/emailAddress=ca-support Validity Not Before: Jan 18 16:28:51 2011 GMT Not After : Jul 17 16:28:51 2011 GMT Subject: CN=Red Hat Product ID [39552222-3397-4934-bf0b-966cf93d8452] Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) Modulus: 00:c6:3f:49:d3:8c:fe:13:37:72:c7:55:37:de:41: 5f:b4:bb:f4:9e:d3:52:d4:14:9e:ba:1a:19:2c:38: 6c:d7:cc:a4:b1:ea:46:ee:15:d7:b4:78:76:08:c1: 5f:2d:99:93:8c:0c:8b:f6:2d:57:b3:1c:a4:42:95: 50:75:74:c6:a5:41:77:dc:2d:aa:05:01:c1:e6:09: 58:b3:df:9d:ef:cd:71:f2:9f:26:f3:31:71:6c:f7: 16:f3:64:c8:25:76:e0:5b:71:2b:56:1f:2f:93:9a: 82:6c:6d:5c:08:00:07:6f:e0:d6:32:ad:04:03:2c: b5:6e:5f:c9:80:08:21:60:d1:81:46:f2:89:39:b4: dd:0a:b7:69:62:1d:36:29:4a:81:2e:44:8f:64:7b: e8:e8:35:09:14:dd:fb:31:70:e9:55:e4:2a:f5:5b: 6a:46:3a:4a:2c:bc:2e:11:f5:db:d1:8e:c8:e7:11: 0e:ad:1d:e4:61:b3:9a:04:05:95:b7:79:98:67:5b: 74:2f:f2:9f:63:68:d5:39:d5:39:58:5c:b2:07:d3: e1:6c:c7:4b:8b:5c:44:f3:4d:63:f8:62:6b:c1:c2: da:c6:6a:af:8f:85:1a:20:24:73:70:f0:13:3f:ce: b3:54:cd:41:05:06:be:96:29:64:45:07:ac:e4:7c: a3:67:36:43:88:66:2e:76:75:e1:6e:a9:8b:a3:f9: f4:72:e5:e8:40:15:55:8e:1c:d1:4c:cc:7b:d4:48: a2:6a:19:a2:c3:e5:35:bc:6a:a4:1e:14:0d:c5:bd: 77:1e:d3:75:95:c0:21:50:20:eb:c7:17:8c:be:b0: 23:61:d5:a9:62:5a:48:c9:6d:cd:b2:c3:d6:b7:56: 14:1e:27:4c:05:20:09:e0:a7:2d:21:ff:75:77:21: 3d:dd:a4:ad:97:1c:02:fd:09:f2:16:c6:4e:99:c1: 2c:07:35:42:9f:3f:46:99:63:25:d7:fe:97:cc:14: b5:c8:35:2a:07:29:25:c7:44:cb:1f:ec:ff:b0:af: 40:f8:ed:ab:64:0c:b5:98:1c:82:63:05:71:bd:b3: 99:86:7a:86:c4:0b:93:a0:84:be:03:cd:6f:e6:10: a3:b0:28:8e:49:c5:41:f9:c8:a5:df:46:01:bb:47: 07:f3:94:59:d0:82:cd:90:77:4a:76:b2:cb:59:6e: 30:8e:98:4a:da:70:67:da:0d:a2:df:ec:ed:7f:e9: d0:10:3d:a9:42:a6:7f:ae:1b:96:ef:d8:dc:c8:26: 65:f6:45:ea:7b:5c:0e:74:5d:02:c1:a8:78:37:af: f7:2f:32:17:10:42:b2:10:9c:4d:a9:0c:2d:35:cd: 88:54:4f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE 1.3.6.1.4.1.2312.9.1.3.1: .$Red Hat Enterprise Linux Entitlement 1.3.6.1.4.1.2312.9.1.3.2: .. 1.3.6.1.4.1.2312.9.1.3.3: .. 1.3.6.1.4.1.2312.9.1.3.4: .. Signature Algorithm: sha1WithRSAEncryption 40:83:38:8a:94:b7:a5:10:84:32:f9:55:27:51:3e:cc:3f:73: d6:0c:d1:54:ea:9f:f2:d1:6f:bd:b5:69:ed:78:c6:90:ba:fc: 44:d8:88:d2:a1:28:f9:dd:00:56:37:ad:dc:0c:93:24:c2:70: cf:a1:48:65:59:f1:61:d8:d9:05:65:8b:a7:20:bf:4c:dd:b2: 72:7c:ce:e5:bb:ec:55:07:40:80:af:b1:c9:ad:5e:fa:e6:cd: 0e:4e:68:13:9a:c6:00:1c:39:05:03:6f:9b:61:43:a9:93:24: 3d:4a:f9:c7:87:be:52:40:f4:af:b2:85:2e:42:b8:03:51:6b: e3:78:f8:d5:03:77:5a:3f:77:6d:3d:9c:4b:5e:c0:66:d9:b9: d3:5e:d4:b3:5f:b9:c2:6a:d4:93:06:e0:a7:7d:ab:be:a2:29: 05:48:09:be:03:d5:32:8a:70:f0:8c:c4:9b:ce:c6:e3:b1:0d: 4c:91:63:1a:8a:19:84:ac:c5:df:ed:32:64:45:a5:f7:86:0a: 27:17:ad:43:60:92:3d:c1:53:2e:fa:f5:57:3e:e9:0f:56:92: 9e:28:8a:e2:34:9f:0b:6f:8a:2c:ff:a0:48:73:4e:4b:ab:8e: 41:86:c6:37:52:8a:2f:e4:d5:62:36:28:5a:cf:d8:be:c0:27: 14:2d:7f:b2:14:ee:86:f4:ea:29:08:db:cc:4a:d1:de:96:40: 2e:4d:8a:37:73:28:f5:82:de:6c:60:3d:ae:f7:59:33:55:1d: 13:14:eb:45:df:59:83:13:c2:be:f5:03:50:f2:12:68:7f:7e: 73:8a:9d:e8:ab:c3:64:4c:bf:90:b8:43:2c:7e:24:a0:1f:e9: 42:8b:bb:d9:17:fa:b8:79:26:55:8c:7a:87:99:fd:07:20:81: 87:38:45:f0:ae:a8:6c:87:ef:6b:cc:77:6c:d5:79:d6:0f:e4: 28:9e:66:eb:01:cf:f3:db:c7:2f:3f:c3:41:06:82:5c:7a:8a: ca:3e:d4:64:af:54:a8:33:55:b8:22:15:6c:83:37:09:4f:90: a9:4b:e6:3b:4d:81:5d:d6:d4:4e:6a:4c:5d:21:ab:14:55:c9: 71:1e:d1:f1:ba:05:03:f2:eb:6a:dc:b4:c5:e0:ac:69:19:6d: e7:e3:da:93:83:a5:c0:49:d0:5e:06:1c:e2:6e:52:07:f5:52: bf:81:f1:1d:03:ec:46:c9:b9:3a:65:be:57:7d:3d:b4:10:1e: 88:db:3b:5f:00:6c:f5:e3:a5:ab:93:af:bb:f7:7c:2e:6c:46: 18:d9:19:5a:af:e6:ea:48:a5:21:b6:d0:f3:be:7e:67:32:cc: 1e:2d:eb:77:07:25:d6:93 Ok so the installed product has an ID of "3". (as per your 3.pem) If we list all of this owners pools: [ { "accountNumber": "1407069", "activeSubscription": true, "attributes": [], "consumed": 1, "contractNumber": "2117363", "created": "2011-01-18T15:12:15.000+0000", "endDate": "2011-07-18T03:59:59.000+0000", "href": "/pools/8a8aa80d2d960061012d99aef1ce00dc", "id": "8a8aa80d2d960061012d99aef1ce00dc", "owner": { "href": "/owners/6237926", "id": "8a8aa80d2d960061012d99ae0baa00db" }, "productId": "RH3016037", "productName": "Red Hat Enterprise Linux Server Entitlement Beta for Certified Engineers and System Administrators - NOT FOR SALE", "providedProducts": [], "quantity": 1, "restrictedToUsername": null, "sourceEntitlement": null, "startDate": "2011-01-18T05:00:00.000+0000", "subscriptionId": "1978439", "updated": "2011-01-18T15:14:54.000+0000" }, { "accountNumber": "1407069", "activeSubscription": true, "attributes": [ { "created": "2011-01-18T15:14:54.000+0000", "name": "requires_consumer_type", "updated": "2011-01-18T15:14:54.000+0000", "value": "system" } ], "consumed": 0, "contractNumber": "2117363", "created": "2011-01-18T15:14:54.000+0000", "endDate": "2011-07-18T03:59:59.000+0000", "href": "/pools/8a8aa80d2d960061012d99b15db400e0", "id": "8a8aa80d2d960061012d99b15db400e0", "owner": { "href": "/owners/6237926", "id": "8a8aa80d2d960061012d99ae0baa00db" }, "productId": "RH3036913", "productName": "RH3036913", "providedProducts": [], "quantity": 10, "restrictedToUsername": "jmolet-testuser2", "sourceEntitlement": { "href": "/entitlements/8a8aa80d2d960061012d99b15db400e2", "id": "8a8aa80d2d960061012d99b15db400e2" }, "startDate": "2011-01-18T05:00:00.000+0000", "subscriptionId": null, "updated": "2011-01-21T18:56:37.000+0000" } ]% We can see that there are no subscriptions which provide this product, so there is nothing compliance assistant can do. So it's a question of how exactly did you come to get that product cert 3.pem installed. (does any rpm own it?) What was the product you mentioned yum installing? After that we can try to track down someone who will know how it should be behaving, likely some data needs to be adjusted. 02:27pm <jmolet> dgoodwin: the yum install zsh pulled it down I don't fully understand why yum install zsh would pull down this product cert, nor if the subscriptions above should provide it, nor if this account should have some other subscription which does. Can anyone offer info? after step 4, is there a new product certificate on your machine? That is reportedly the case. I think one of those above subscriptions is supposed to be providing this product ID 3. Going to see if someone in IT can pick this up. That is correct... you can see in the attachment that during the yum install, the 3.pem is installed into the products directory. Similarly if you 'yum remove' the package the 3.pem is erased by yum (if all packages from that repo are removed). This happens if you if you install any package that came from a repo provided by a subscription. Also note that the latest entitlement beta compose (RHEL6.1-20110121.0) pulls down this 3.pem with the same behavior if you do a default install. An additional #.pem is included with the install of every add-on (Load Balancer, High Availability, Resilient Storage, etc..) Ok I think I see what is going on here. The system pool that results is not coming from the IT adapter, we make it directly within candlepin, so the SKU to eng product mapping is irrelevant here. Looking at the details for the person product: RH3016037 { "attributes": [ { "name": "user_license_product", "value": "RH3036913" }, { "name": "name", "value": "Red Hat Enterprise Linux Server Entitlement Beta for Certified Engineers and System Administrators - NOT FOR SALE" }, { "name": "requires_consumer_type", "value": "person" }, { "name": "variant", "value": "Entitlement Beta" }, { "name": "description", "value": "Red Hat Enterprise Linux" }, { "name": "user_license", "value": "10" }, { "name": "type", "value": "MKT" }, { "name": "warning_period", "value": "30" }, { "name": "option_code", "value": "30" } ], "href": "/products/RH3016037", "id": "RH3016037", "multiplier": 1, "name": "Red Hat Enterprise Linux Server Entitlement Beta for Certified Engineers and System Administrators - NOT FOR SALE", "productContent": [] }% The user license product is transferred to the new pool for systems, we also try to transfer provided products but this value comes directly from the person pool's provided products, not an attribute. So two options to fix: 1. IT modifies the RH3016037 subscriptions (the ones for type "person") to provide product ID "3". 2. We modify Candlepin rules to also look for a new attribute, user_license_provided_products, and use these to transfer to the new system pool as the provided product IDs. IT would need to get this new attribute populated for the ent beta subscriptions. I think (2) is probably the more correct one but it somewhat depends on what IT feels is the best approach. Good news it sounds like (1) is a good option, it's also how this is supposed to be working today. Talked to Mark, he is digging into why the "person" product is not getting it's correct provided products, suspects the pools may have been created during a brief window when the SKU to eng product mappings were broken last week. Trying to get these refreshed now. The person pool has now been refreshed and provides a bunch of products including 3. Back to ON_QA. Note that you will need to revoke your person entitlement and re-bind to get the sub-pool having the correct provided products. (In reply to comment #12) > The person pool has now been refreshed and provides a bunch of products > including 3. > > Back to ON_QA. Note that you will need to revoke your person entitlement and > re-bind to get the sub-pool having the correct provided products. This did it. Products are now shown when selecting the products I want entitlements for. Tested in latest rhel compose which includes: subscription-manager-gnome-0.93.14-1.el6.x86_64 subscription-manager-firstboot-0.93.14-1.el6.x86_64 subscription-manager-0.93.14-1.el6.x86_64 An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2011-0611.html |