| Summary: | subscription-manager putting incorrect data in for sslclientkey in repo file | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | RHEL Program Management <pm-rhel> |
| Component: | subscription-manager | Assignee: | Bryan Kearney <bkearney> |
| Status: | CLOSED ERRATA | QA Contact: | John Sefler <jsefler> |
| Severity: | high | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 6.1 | CC: | acarter, alikins, bkearney, borgan, cduryee, ddumas, jwest, mkhusid, pm-eus, tbielawa |
| Target Milestone: | rc | Keywords: | ZStream |
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-06-27 06:54:59 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | 711133 | ||
| Bug Blocks: | |||
|
Description
RHEL Program Management
2011-06-10 13:43:05 UTC
commit 16e55156a49d5fdd16570fc3e7ac4baffd2ed071
Author: Adrian Likins <alikins>
Date: Thu Jun 9 11:47:40 2011 -0400
712409: new fix for old style to new style key format migrations
If we see an old style key, go ahead and save it as the new format,
instead of marking it invalid and waiting for CertLib.update to
update it.
This fixes an issue where the subscription-manager yum plugin would
not update the keys, since it was never running CertLib.update
Complete verification scenarios can be found in the comments of bug 711133 For the sake of this bug, we'll re-verify the following scenario: When the user has subscribed to multiple subscriptions using subscription-manager-0.95.11-1 and has somehow (probably using RHN Classic) upgraded to subscription-manager-0.95.17-1. Let's make sure that ALL of the "old style" entitlement certs get converted to the "new style" cert/key pairs upon calling yum... [root@jsefler-stage-6server ~]# rpm -q subscription-manager python-rhsm subscription-manager-0.95.11-1.el6.x86_64 python-rhsm-0.95.6-1.el6.noarch [root@jsefler-stage-6server ~]# subscription-manager register --username=qa Password: 1b519e74-b4b0-47c5-935a-3aae52fb0572 jsefler-stage-6server.usersys.redhat.com [root@jsefler-stage-6server ~]# subscription-manager list --avail | grep PoolId PoolId: 8a85f9812ede00af012edf01c8965ceb PoolId: 8a85f9812ede00af012edf01c89f5cf9 PoolId: 8a85f9812ede00af012edf01c8a65d04 PoolId: 8a85f981302cbaf2013046b66d9c761a PoolId: 8a85f981302cbaf2013046b7cf077694 PoolId: 8a85f981302cbaf2013046bb01bb7699 PoolId: 8a85f981302cbaf20130475bf7f01895 PoolId: 8a85f981302cbaf20130475bf8231897 PoolId: 8a85f981302cbaf201304761614a1b76 PoolId: 8a85f981302cbaf201304b4df59206fe PoolId: 8a85f981302cbaf201304b589d620720 PoolId: 8a85f981302cbaf201304b7440e1073f PoolId: 8a85f981302cbaf201304b7a341c0767 [root@jsefler-stage-6server ~]# subscription-manager subscribe --pool=8a85f9812ede00af012edf01c8965ceb --pool=8a85f9812ede00af012edf01c89f5cf9 --pool=8a85f9812ede00af012edf01c8a65d04 --pool=8a85f981302cbaf2013046b66d9c761a --pool=8a85f981302cbaf2013046b7cf077694 --pool=8a85f981302cbaf2013046bb01bb7699 --pool=8a85f981302cbaf20130475bf7f01895 --pool=8a85f981302cbaf20130475bf8231897 --pool=8a85f981302cbaf201304761614a1b76 --pool=8a85f981302cbaf201304b4df59206fe --pool=8a85f981302cbaf201304b589d620720 --pool=8a85f981302cbaf201304b7440e1073f --pool=8a85f981302cbaf201304b7a341c0767 [root@jsefler-stage-6server ~]# [root@jsefler-stage-6server ~]# ls --format=single-column /etc/pki/entitlement/ 1241079981535352465.pem 159855522449657142.pem 2909026179699230628.pem 4187660796414535459.pem 4310560702008139452.pem 4838187844051615345.pem 5097713717014519419.pem 5733497207611388068.pem 6518723518978988438.pem 6603356720528647346.pem 6966989714059895224.pem 7752657598634995728.pem 8484072274178155381.pem key.pem [root@jsefler-stage-6server ~]# ^^^^ NOTICE THE "old style" certs with a single key.pem Now for testing purposes, I'll circumvent an RHN yum update by manually installing the newest python-rhsm and the subscription-manager package attached to this errata... [root@jsefler-stage-6server ~]# yum localinstall --nogpgcheck /tmp/subscription-manager-0.95.17-1.el6_1.x86_64.rpm /tmp/python-rhsm-0.95.14-1.el6_1.noarch.rpm Loaded plugins: product-id, refresh-packagekit, subscription-manager Updating Red Hat repositories. Setting up Local Package Process Examining /tmp/subscription-manager-0.95.17-1.el6_1.x86_64.rpm: subscription-manager-0.95.17-1.el6_1.x86_64 Marking /tmp/subscription-manager-0.95.17-1.el6_1.x86_64.rpm as an update to subscription-manager-0.95.11-1.el6.x86_64 rhel-6-server-rpms | 2.1 kB 00:00 rhel-ha-for-rhel-6-server-rpms | 2.2 kB 00:00 rhel-lb-for-rhel-6-server-rpms | 2.4 kB 00:00 rhel-rs-for-rhel-6-server-rpms | 2.2 kB 00:00 rhel-scalefs-for-rhel-6-server-rpms | 2.4 kB 00:00 Examining /tmp/python-rhsm-0.95.14-1.el6_1.noarch.rpm: python-rhsm-0.95.14-1.el6_1.noarch Marking /tmp/python-rhsm-0.95.14-1.el6_1.noarch.rpm as an update to python-rhsm-0.95.6-1.el6.noarch Resolving Dependencies --> Running transaction check ---> Package python-rhsm.noarch 0:0.95.6-1.el6 will be updated ---> Package python-rhsm.noarch 0:0.95.14-1.el6_1 will be an update ---> Package subscription-manager.x86_64 0:0.95.11-1.el6 will be updated ---> Package subscription-manager.x86_64 0:0.95.17-1.el6_1 will be an update --> Finished Dependency Resolution Dependencies Resolved =================================================================================================================================================== Package Arch Version Repository Size =================================================================================================================================================== Updating: python-rhsm noarch 0.95.14-1.el6_1 /python-rhsm-0.95.14-1.el6_1.noarch 109 k subscription-manager x86_64 0.95.17-1.el6_1 /subscription-manager-0.95.17-1.el6_1.x86_64 1.2 M Transaction Summary =================================================================================================================================================== Upgrade 2 Package(s) Total size: 1.3 M Is this ok [y/N]: y Downloading Packages: Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Updating : python-rhsm-0.95.14-1.el6_1.noarch 1/4 Updating : subscription-manager-0.95.17-1.el6_1.x86_64 2/4 Cleanup : subscription-manager-0.95.11-1.el6.x86_64 3/4 Cleanup : python-rhsm-0.95.6-1.el6.noarch 4/4 rhel-6-server-rpms/productid | 1.7 kB 00:00 duration: 264(ms) Installed products updated. Updated: python-rhsm.noarch 0:0.95.14-1.el6_1 subscription-manager.x86_64 0:0.95.17-1.el6_1 Complete! [root@jsefler-stage-6server ~]# [root@jsefler-stage-6server ~]# ls --format=single-column /etc/pki/entitlement/1241079981535352465.pem 159855522449657142.pem 2909026179699230628.pem 4187660796414535459.pem 4310560702008139452.pem 4838187844051615345.pem 5097713717014519419.pem 5733497207611388068.pem 6518723518978988438.pem 6603356720528647346.pem 6966989714059895224.pem 7752657598634995728.pem 8484072274178155381.pem key.pem [root@jsefler-stage-6server ~]# ^^^ Still showing the "old style" certs [root@jsefler-stage-6server ~]# yum repolist -q [root@jsefler-stage-6server ~]# ls --format=single-column /etc/pki/entitlement/ 1241079981535352465-key.pem 1241079981535352465.pem 159855522449657142-key.pem 159855522449657142.pem 2909026179699230628-key.pem 2909026179699230628.pem 4187660796414535459-key.pem 4187660796414535459.pem 4310560702008139452-key.pem 4310560702008139452.pem 4838187844051615345-key.pem 4838187844051615345.pem 5097713717014519419-key.pem 5097713717014519419.pem 5733497207611388068-key.pem 5733497207611388068.pem 6518723518978988438-key.pem 6518723518978988438.pem 6603356720528647346-key.pem 6603356720528647346.pem 6966989714059895224-key.pem 6966989714059895224.pem 7752657598634995728-key.pem 7752657598634995728.pem 8484072274178155381-key.pem 8484072274178155381.pem key.pem [root@jsefler-stage-6server ~]# ^^^ Now after a yum transaction, the "new style" entitlements include a key.pem per entitlement.pem. [root@jsefler-stage-6server ~]# yum repolist Loaded plugins: product-id, refresh-packagekit, subscription-manager Updating Red Hat repositories. rhel-6-server-rpms | 2.1 kB 00:00 rhel-ha-for-rhel-6-server-rpms | 2.2 kB 00:00 rhel-lb-for-rhel-6-server-rpms | 2.4 kB 00:00 rhel-rs-for-rhel-6-server-rpms | 2.2 kB 00:00 rhel-scalefs-for-rhel-6-server-rpms | 2.4 kB 00:00 repo id repo name status rhel-6-server-rpms Red Hat Enterprise Linux 6 Server (RPMs) 5,047 rhel-ha-for-rhel-6-server-rpms Red Hat Enterprise Linux High Availability (for RHEL 6 Server) (RPMs) 87 rhel-lb-for-rhel-6-server-rpms Red Hat Enterprise Linux Load Balancer (for RHEL 6 Server) (RPMs) 2 rhel-rs-for-rhel-6-server-rpms Red Hat Enterprise Linux Resilient Storage (for RHEL 6 Server) (RPMs) 100 rhel-scalefs-for-rhel-6-server-rpms Red Hat Enterprise Linux Scalable File System (for RHEL 6 Server) (RPMs) 7 repolist: 5,243 ^^^ AND, we do not encounter a yum "[Errno 14] problem with the local client certificate" moving to VERIFIED An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0902.html |