Bug 716951
| Summary: | The client config rpm on rhel6 requires particular nss and curl versions to work | ||
|---|---|---|---|
| Product: | Red Hat Update Infrastructure for Cloud Providers | Reporter: | Kedar Bidarkar <kbidarka> |
| Component: | Tools | Assignee: | Jay Dobies <jason.dobies> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | wes hayutin <whayutin> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 2.0 | CC: | kbidarka, sghai, tsanders |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-05-31 12:51:47 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 711223 | ||
|
Description
Kedar Bidarkar
2011-06-27 14:48:40 UTC
Just to make sure I understand why this is needed: What is it about those versions that are needed for RHUI clients to work? Those clients should just be using yum, does that not work against the RHUI? Required for, yum client operations to work with the RHUI. Please refer, comment 3 of https://bugzilla.redhat.com/show_bug.cgi?id=710455 , for exact details. Kedar - Are you actually seeing an issue with RHEL 6 clients? The bug you refer to is concerning pulp/cds issues with synchronization. It shouldn't actually affect yum calls from a client. I'm not sure if you think this is a requirement for all on RHEL 6 or if you are actually seeing an issue when you try to use a RHEL 6 client and connect to RHUI. If you are seeing an issue, please provide details on what the error is, how reproducible it is, etc. Unless I upgrade nss and curl rpms, similar to that of RHUA and CDS, we receive this issue. [root@dhcp201-140 yum.repos.d]# yum clean all Loaded plugins: rhui-lb Cleaning up Everything [root@dhcp201-140 yum.repos.d]# yum install zsh Loaded plugins: rhui-lb Could not retrieve mirrorlist https://dhcp201-198.englab.pnq.redhat.com/pulp/mirror/content/dist/rhel/rhui/server-6/releases/6Server/x86_64/os error was 14: problem with the local client certificate Error: Cannot retrieve repository metadata (repomd.xml) for repository: rhui-rhel-server-6-releases. Please verify its path and try again The rh-cloud.repo output for sample [root@dhcp201-140 yum.repos.d]# cat rh-cloud.repo [rhui-rhel-server-6-releases] name=Red Hat Enterprise Linux Server 6 Releases (RPMs) mirrorlist=https://dhcp201-198.englab.pnq.redhat.com/pulp/mirror/content/dist/rhel/rhui/server-6/releases/$releasever/$basearch/os enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release sslverify=1 sslcacert=/etc/pki/entitlement/ca.crt sslclientcert=/etc/pki/entitlement/product/content.crt sslclientkey=/etc/pki/entitlement/key.pem Yes, this issue is only with RHEL6 clients that are connected with RHUI 2.0. Its fine for RHEL5 and fedora clients. If the RHEL6 Cleint is updated with nss and curl rpms, this issue is resolved. Existing RHEL 6.0 ami's would fail to contact rhui, unless the nss and curl rpms are installed prior to updating the instances with the client-config-rpms from that of rhui 2.0. commit 5fa9cf405474eb0e0903c501be2ec225e863108e
Author: Jay Dobies <jason.dobies>
Date: Fri Jul 8 16:05:52 2011 -0400
716951 - Convert PKCS8 formatted keys to RSA when generating client
entitlement and identity certificates
rhui-2.0/tools/src/rhui/common/cert_utils.py
Verify this in two steps:
- First make sure RHEL6 clients can access RHUI repositories from yum (the reason that caused this bug in the first place).
- If that works, also need a clean. Delete the identity certificate (/etc/pki/rhui/identity*) and restart RHUI Manager. That will cause a new identity certificate to be generated which will use the new format as part of this fix. Then register a new protected Red Hat repo. That will use the new identity cert; need to make sure that CDS instances can still sync from the RHUA using this new identity certificate.
Fixed in 2.0.37. Now the yum client operations work without upgrading to the above versions of nss and curl. [root@dhcp201-140 ~]# rpm -qav | grep -ie "nss-3" -ie "^curl" nss-3.12.7-2.el6.x86_64 curl-7.19.7-16.el6.x86_64 [root@dhcp201-140 ~]# yum install zsh Loaded plugins: rhui-lb Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package zsh.x86_64 0:4.3.10-4.1.el6 set to be updated --> Finished Dependency Resolution Dependencies Resolved ================================================================================================================================================================================= Package Arch Version Repository Size ================================================================================================================================================================================= Installing: zsh x86_64 4.3.10-4.1.el6 rhui-rhel-server-6-releases 2.1 M Transaction Summary ================================================================================================================================================================================= Install 1 Package(s) Upgrade 0 Package(s) Total download size: 2.1 M Installed size: 4.8 M Is this ok [y/N]: y Downloading Packages: zsh-4.3.10-4.1.el6.x86_64.rpm | 2.1 MB 00:00 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Warning: RPMDB altered outside of yum. Installing : zsh-4.3.10-4.1.el6.x86_64 1/1 Installed: zsh.x86_64 0:4.3.10-4.1.el6 Complete! [root@dhcp201-140 ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.0 (Santiago) moving to release pending closing out, product released |