Bug 708362

Summary: Serial-key.pem is not getting removed after product unsubscribe .
Product: Red Hat Enterprise Linux 5 Reporter: spandey
Component: subscription-managerAssignee: Adrian Likins <alikins>
Status: CLOSED ERRATA QA Contact: John Sefler <jsefler>
Severity: low Docs Contact:
Priority: unspecified    
Version: 5.7CC: alikins, dgoodwin, jmolet, jsefler, kbanerje, skallesh, spandey, wpoteat, yuzheng
Target Milestone: beta   
Target Release: 5.8   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
No description necessary
 Story Points: ---
Clone Of: Environment:
Last Closed: 2012-02-21 06:41:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 715031    

Description spandey 2011-05-27 12:50:52 UTC 
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:
5/5

Prerequisites:
Client : Rhel 5.7 with following subscription manager 
Candlepin :  subscription.rhn.stage.redhat.com

Steps to repro : 

Register client to candlepin  using stage_test_2 user 
subscribe multiple subscription.
Unsubscribe subscription.


Expected Result : 
 Product cert and product-key.pem should removed from /etc/pki/entitlement 

Actual Result : 
Unsubscribe process is not removing “product-key.pem”

[root@dhcp201-117 product]# subscription-manager unsubscribe --serial 8035461471472409942

[root@dhcp201-117 product]# ls /etc/pki/entitlement/

4727182473993461144-key.pem  8035461471472409942-key.pem

4727182473993461144.pem      8042440189867585360-key.pem

683430525277978079-key.pem
Comment 1 spandey 2011-05-27 12:56:26 UTC 
subscription-manager rpm 

subscription-manager-gnome-0.95.5.18-1.el5
subscription-manager-0.95.5.18-1.el5
subscription-manager-firstboot-0.95.5.18-1.el5
Comment 2 Chris Duryee 2011-05-27 13:43:07 UTC 
This is the same behavior as RHEL6. Leaving just the -key file around is harmless, since you need both the key file and the actual cert in order to do anything.

Moving to 6.2.
Comment 7 Bryan Kearney 2011-10-24 11:57:27 UTC 
*** Bug 748303 has been marked as a duplicate of this bug. ***
Comment 8 Adrian Likins 2011-11-21 17:08:21 UTC 
commit 86db0f9a2d76214d33ac1f7676411b85b659387e
Author: Adrian Likins <alikins>
Date:   Wed Nov 9 14:30:16 2011 -0500

    708362: remove entitlement keys on delete as well
    
    Make EntitlementCertificate.delete delete the -key.pem
    files associated with it as well. Fixes these keys
    being orphaned on "unsubscribe --all"
Comment 9 John Sefler 2011-12-05 23:07:17 UTC 
Verifying Version...
[root@jsefler-onprem-5server ~]# rpm -q subscription-manager
subscription-manager-0.98.5-1.git.2.cd86f84.el5_7



[root@jsefler-onprem-5server ~]# subscription-manager register --username testuser1 --password password --org admin
The system has been registered with id: 82d1581b-b8c4-4365-aa04-5a158effab65 
[root@jsefler-onprem-5server ~]# subscription-manager list --avail | grep PoolId
PoolId:               	8a90f85734100c930134100d72cf02ad
PoolId:               	8a90f85734100c930134100d72f202b8
PoolId:               	8a90f85734100c930134100d74a70340
PoolId:               	8a90f85734100c930134100d74c00352
PoolId:               	8a90f85734100c930134100d7558038e
PoolId:               	8a90f85734100c930134100d756e039b
PoolId:               	8a90f85734100c930134100d75a603b4
PoolId:               	8a90f85734100c930134100d75d803c0
PoolId:               	8a90f85734100c930134100d761f03db
PoolId:               	8a90f85734100c930134100d763d03e8
PoolId:               	8a90f85734100c930134100d76830406
PoolId:               	8a90f85734100c930134100d769d0416
PoolId:               	8a90f85734100c930134100d76e1042f
PoolId:               	8a90f85734100c930134100d77060436
[root@jsefler-onprem-5server ~]# subscription-manager subscribe --pool 8a90f85734100c930134100d77060436 --pool 8a90f85734100c930134100d76e1042f --pool 8a90f85734100c930134100d769d0416 --pool 8a90f85734100c930134100d76830406 --pool 8a90f85734100c930134100d763d03e8 --pool 8a90f85734100c930134100d761f03db --pool 8a90f85734100c930134100d75d803c0 --pool 8a90f85734100c930134100d75a603b4 --pool 8a90f85734100c930134100d756e039b --pool 8a90f85734100c930134100d7558038e
Successfully consumed a subscription from the pool with id 8a90f85734100c930134100d77060436
Successfully consumed a subscription from the pool with id 8a90f85734100c930134100d76e1042f
Successfully consumed a subscription from the pool with id 8a90f85734100c930134100d769d0416
Successfully consumed a subscription from the pool with id 8a90f85734100c930134100d76830406
Successfully consumed a subscription from the pool with id 8a90f85734100c930134100d763d03e8
Successfully consumed a subscription from the pool with id 8a90f85734100c930134100d761f03db
Successfully consumed a subscription from the pool with id 8a90f85734100c930134100d75d803c0
Successfully consumed a subscription from the pool with id 8a90f85734100c930134100d75a603b4
Successfully consumed a subscription from the pool with id 8a90f85734100c930134100d756e039b
Successfully consumed a subscription from the pool with id 8a90f85734100c930134100d7558038e
[root@jsefler-onprem-5server ~]#  ls -1 /etc/pki/entitlement/1043679991170367058-key.pem
1043679991170367058.pem
2059334052163475049-key.pem
2059334052163475049.pem
2346149501123504972-key.pem
2346149501123504972.pem
500244911211969324-key.pem
500244911211969324.pem
5366436265077627978-key.pem
5366436265077627978.pem
6295066169357212289-key.pem
6295066169357212289.pem
6870093174543016081-key.pem
6870093174543016081.pem
6888712187957928269-key.pem
6888712187957928269.pem
7520140706408486929-key.pem
7520140706408486929.pem
7977689738042329588-key.pem
7977689738042329588.pem
[root@jsefler-onprem-5server ~]# subscription-manager unsubscribe --serial 6870093174543016081
[root@jsefler-onprem-5server ~]#  ls -1 /etc/pki/entitlement/1043679991170367058-key.pem
1043679991170367058.pem
2059334052163475049-key.pem
2059334052163475049.pem
2346149501123504972-key.pem
2346149501123504972.pem
500244911211969324-key.pem
500244911211969324.pem
5366436265077627978-key.pem
5366436265077627978.pem
6295066169357212289-key.pem
6295066169357212289.pem
6888712187957928269-key.pem
6888712187957928269.pem
7520140706408486929-key.pem
7520140706408486929.pem
7977689738042329588-key.pem
7977689738042329588.pem
[root@jsefler-onprem-5server ~]# subscription-manager unsubscribe --all
[root@jsefler-onprem-5server ~]#  ls -1 /etc/pki/entitlement/
[root@jsefler-onprem-5server ~]#

^^ VERIFIED WHEN THE SERIAL IS UNSUBSCRIBED INDIVIDUALLY AS WELL AS WITH --ALL, THEN THE CORRESPONDING KEY IS ALSO REMOVED.

moving to VERIFIED
Comment 10 William Poteat 2012-01-20 17:08:08 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No description necessary
Comment 11 errata-xmlrpc 2012-02-21 06:41:08 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0154.html