Bug 807433

Summary: RHEL6 image deployments from katello templates are missing /etc/pki/product/69.pem ... no content
Product: Red Hat Satellite Reporter: James Laska <jlaska>
Component: InfrastructureAssignee: Lukas Zapletal <lzap>
Status: CLOSED DUPLICATE QA Contact: Katello QA List <katello-qa-list>
Severity: high Docs Contact:
Priority: high    
Version: 6.0.0CC: dgregor, hbrock, jturner, whayutin
Target Milestone: Unspecified   
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-03-27 19:45:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description James Laska 2012-03-27 19:10:59 UTC 
Description of problem:

NOTE: analysis on this bug is inprogress, the component is likely not correct at the time of filing.

When building and deploying RHEL-6 images from katello hosted CDN content, the deployed images are missing a product cert (/etc/pki/product/69.pem).  Because this file is missing, the images are unable to download RHEL content.  My understanding is that the product cert (/etc/pki/product/69.pem) file is expected to be missing on ec2 deployments, since ec2 deployments should be using RHUI for content.  However, for private cloud deployments (RHEV or vSphere), the lack of a product cert (/etc/pki/product/69.pem) means that deployments cannot consume updates/errata from katello.

Version-Release number of selected component (if applicable):
 * katello-0.1.306-1.el6.src.rpm
 * katello-candlepin-cert-key-pair-1.0-1.src.rpm
 * katello-certs-tools-1.0.4-1.el6.src.rpm
 * katello-cli-0.1.107-1.el6.src.rpm
 * katello-configure-0.1.104-1.el6.src.rpm
 * katello-qpid-broker-key-pair-1.0-1.src.rpm
 * katello-qpid-client-key-pair-1.0-1.src.rpm
 * katello-selinux-0.1.8-1.el6.src.rpm
 * pulp-1.0.0-8.el6.src.rpm

How reproducible:
 * All RHEL6 deployments using CDN content are unable to receive content updates

Steps to Reproduce:
1. Prepare a system engine environment
   * Import access.qa.redhat.com MANIFEST
   * Sync
   * Promote content to 'Dev' environment
2. Create, promote and export a RHEL6 x86_64 system template
3. Import, build and deploy an image using a system template through Cloud Engine to RHEV or vSphere
  
Actual results:

There is no /etc/pki/product/69.pem file on installed system.  Therefore, while the system can register and subscribe to katello repos, it *cannot* consume content from them.

Expected results:

/etc/pki/product/69.pem needs to be a valid RHEL product cert

Additional info:

 * I see /mnt/sysimage/etc/pki/product/69.pem exists after the image is build/installed
 * I see /etc/pki/product/69.pem exists when the image is booted for customization
 * After deployment, /etc/pki/product/69.pem does not exist on the system

 * Somewhere between image push and deployment, the product cert is being removed.
Comment 1 wes hayutin 2012-03-27 19:36:09 UTC 
installation of https://qeblade30.rhq.lab.eng.bos.redhat.com/pub/candlepin-cert-consumer-qeblade30.rhq.lab.eng.bos.redhat.com-1.0-1.noarch.rpm removes the 69.pem file
Comment 2 wes hayutin 2012-03-27 19:37:31 UTC 
ah.. maybe not the rpm.. could be the yum product-id plugin.. that is called
Comment 3 wes hayutin 2012-03-27 19:45:23 UTC 
https://bugzilla.redhat.com/show_bug.cgi?id=806457

*** This bug has been marked as a duplicate of bug 806457 ***