| Summary: | Entitlements having longest expiration date should be used, when two content certs provides same entitlements | ||
|---|---|---|---|
| Product: | Red Hat Update Infrastructure for Cloud Providers | Reporter: | Sachin Ghai <sghai> |
| Component: | RHUA | Assignee: | Jay Dobies <jason.dobies> |
| Status: | CLOSED NOTABUG | QA Contact: | wes hayutin <whayutin> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 2.0 | CC: | kbidarka, sghai, tsanders |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-07-25 13:02:57 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Even because of two different enteries of same product, I observed following while generating entitlement certs for client.
Please notice the entry at 50 and 51.
- 45: Red Hat Enterprise Linux Server 6 Updates (RPMs)
- 46: Red Hat Enterprise Linux Server 6 Updates (SRPMS)
- 47: Red Hat Update Infrastructure 1.1 (RPMs) *
- 48: Red Hat Update Infrastructure 1.2 (Debug RPMs)
- 49: Red Hat Update Infrastructure 1.2 (ISOs)
- 50: Red Hat Update Infrastructure 1.2 (RPMs)
- 51: Red Hat Update Infrastructure 1.2 (RPMs) *
- 52: Red Hat Update Infrastructure 1.2 (Source RPMs)
- 53: Red Hat Update Infrastructure i386 Beta Optional (RPMs)
- 54: Red Hat Update Infrastructure x86_64 Beta Optional (RPMs)
My guess is that this is an issue with the entitlements within the certificates themselves. I suspect the labels are the same (which is what you see in the UI) but the actual download URLs are different. Can you manually look into the two certificates and paste in the download URLs for the entitlements that appear twice? To be clear: - Use openssl x509 -text -in <cert> - Look for the entitlement string that has "Red Hat Update Infrastructure 1.2 (RPMs)". It should end with *.1.1 (or *.1.2, I forget the specifics). - Find it's associated download URL. It will have the same value as the * in the label string, but end with .1.6. If those are different, than RHUI is exhibiting the expected behavior and it's a certificate issue. Yes,, I think you are right.
Here is output from stage certs:
<snippet>
1.3.6.1.4.1.2312.9.2.1028.1:
1.3.6.1.4.1.2312.9.2.1028.1.1:
.(Red Hat Update Infrastructure 1.2 (RPMs)
1.3.6.1.4.1.2312.9.2.1028.1.2:
1.3.6.1.4.1.2312.9.2.1028.1.5:
1.3.6.1.4.1.2312.9.2.1028.1.6:
.B/content/dist/rhel/rhui/server/5/$releasever/$basearch/rhui/1.2/os
1.3.6.1.4.1.2312.9.2.1028.1.7:
1.3.6.1.4.1.2312.9.2.1028.1.4:
1.3.6.1.4.1.2312.9.2.1028.1.3:
1.3.6.1.4.1.2312.9.2.1028.1.8:
1.3.6.1.4.1.2312.9.2.1028.1.9:
1.3.6.1.4.1.2312.9.2.1028.1.10:
</snippet>
And from other certs ( provided by Todd):
<snippet>
1.3.6.1.4.1.2312.9.2.5504.1.1:
.(Red Hat Update Infrastructure 1.2 (RPMs)
1.3.6.1.4.1.2312.9.2.5504.1.2:
..rhui-1.2
1.3.6.1.4.1.2312.9.2.5504.1.6:
.?content/dist/rhel/rhui/server/$releasever/$basearch/rhui/1.2/os
</snippet>
If I understand it correctly, the download url looks like different but the entitlement labels are same.
>> .?content/dist/rhel/rhui/server/$releasever/$basearch/rhui/1.2/os -- ( production certs)
>>.B/content/dist/rhel/rhui/server/5/$releasever/$basearch/rhui/1.2/os -- (stage certs)
Ok, that makes sense. The certificates should be providing unique labels per entitlement, which isn't the case here. My recommendation is that we close this out as not a bug. Since the issue is with stage content certs, not with the RHUI.. so closing this defect. |
Description of problem: I'm using two content certs. 1. stage_content.pem: This one is generated from stage env.(access.stage.redhat.com/management) and 2. new_content.pem: This one is privided by dev ( I guess this one is for production env ) When I uploaded these one after another, both certs were uploaded succesfully. However both certs are listing the similar entitlements seperately. Please notice the 3rd and 4th entry of "Red Hat Update Infrastructure 1.2 (RPMs)" repo in following snippet. <snippet> Red Hat Update Infrastructure 1.2 (Debug RPMs) Expiration: 07-11-2012 Certificate: stage_content.pem Red Hat Update Infrastructure 1.2 (ISOs) Expiration: 07-11-2012 Certificate: stage_content.pem Red Hat Update Infrastructure 1.2 (RPMs) Expiration: 07-11-2012 Certificate: stage_content.pem << generated from stage env. Red Hat Update Infrastructure 1.2 (RPMs) Expiration: 03-21-2012 Certificate: new_content.pem Red Hat Update Infrastructure 1.2 (Source RPMs) Expiration: 07-11-2012 Certificate: stage_content.pem Red Hat Update Infrastructure i386 Beta Optional (RPMs) Expiration: 03-21-2012 Certificate: new_content.pem Red Hat Update Infrastructure x86_64 Beta Optional (RPMs) Expiration: 03-21-2012 Certificate: new_content.pem </snippet> Ideally the certs which has longest expiration date ( furthest in future) should only be listed. Version-Release number of selected component (if applicable): pulp 0.208 rh-rhui-tools 2.0.40 How reproducible: always with these certs Steps to Reproduce: 1. Upload one content certs ( new_content.pem) 2. Upload the other content certs with common entitlement of new_content.pem 3. list them Actual results: certs having similar entitlements displayed seperately. Red Hat Update Infrastructure 1.2 (RPMs) Expiration: 07-11-2012 Certificate: stage_content.pem << generated from stage env. Red Hat Update Infrastructure 1.2 (RPMs) Expiration: 03-21-2012 Certificate: new_content.pem Expected results: Ideally the entilement which has longest expiration date ( furthest in future) should only be listed. Additional info: