Bug 827032
| Summary: | Support autoregen of identity certificates | |||
|---|---|---|---|---|
| Product: | [Retired] Subscription Asset Manager | Reporter: | James Bowes <jbowes> | |
| Component: | candlepin | Assignee: | Devan Goodwin <dgoodwin> | |
| Status: | CLOSED ERRATA | QA Contact: | sthirugn <sthirugn> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 1.3 | CC: | bkearney, ckozak, dgoodwin, jomara, jsefler, sthirugn, tkolhar, tomckay | |
| Target Milestone: | rc | Keywords: | Triaged | |
| Target Release: | 1.3 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 995949 (view as bug list) | Environment: | ||
| Last Closed: | 2013-10-01 10:47:35 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 833466, 995949 | |||
|
Description
James Bowes
2012-05-31 13:31:42 UTC
Thank you for your bug report. This issue was evaluated for inclusion in the current release of Subscription Asset Manager (SAM). Unfortunately, we are unable to address this request. Because we are in the final stages of development in the current release, only significant, release-blocking issues involving serious regressions and data corruption can be considered. If you believe this issue meets the release blocking criteria as defined and communicated to you by your Red Hat Support representative, please ask your representative to file this issue as a blocker for the current release. Otherwise, ask that it be evaluated for inclusion in the next release of SAM. Thank you for your bug report. This issue was evaluated for inclusion in the current release of Subscription Asset Manager (SAM). Unfortunately, we are unable to address this request. Because we are in the final stages of development in the current release, only significant, release-blocking issues involving serious regressions and data corruption can be considered. If you believe this issue meets the release blocking criteria as defined and communicated to you by your Red Hat Support representative, please ask your representative to file this issue as a blocker for the current release. Otherwise, ask that it be evaluated for inclusion in the next release of SAM. This was added in commit 88750675891209f68c7cff24b4aef446017ea824 which was delivered with 0.7.3. FailedQA : was referring to https://bugzilla.redhat.com/show_bug.cgi?id=834558#c7 for verification # rpm -q subscription-managersubscription-manager-0.99.19-1.el6.x86_64 # curl -k -u admin:admin -stderr /dev/null https://hp-sl4540gen8-01.rhts.eng.bos.redhat.com:8443/candlepin/status | python -msimplejson/tool { "managerCapabilities": [ "cores", "ram", "instance_multiplier", "derived_product", "cert_v3" ], "release": "1", "result": true, "rulesSource": "DEFAULT", "rulesVersion": "4.0", "standalone": true, "timeUTC": "2013-08-13T12:36:09.912+0000", "version": "0.8.19" } Configure client to a candlepin server # subscription-manager config --server.hostname hp-sl4540gen8-01.rhts.eng.bos.redhat.com --server.port 8443 --server.prefix /candlepin --server.insecure 1 Register a client to candlepin server # subscription-manager register --username admin --password admin --org ACME_Corporation --force Insufficient permissions Unable to register Moving back to NEW to have it worked on. Moving this back to ON_QA, Tazim can you please look into verifying this again? The fact that you cannot register even before doing anything with dates / certificates is a strong indication something is wrong in your environment. Once you can register normally, then you can proceed with the steps to verify the bug. FAILED. SAM 1.3 Snap 5: Version Tested: katello-headpin-all-1.4.3-12.el6sam_splice.noarch katello-headpin-1.4.3-12.el6sam_splice.noarch Steps: client# rpm -Uvh http://sam-server/pub/candlepin-cert-consumer-latest.noarch.rpm client# subscription-manager register --org=ACME_Corporation --username=**** --password=**** The system has been registered with id: 3afe75ff-df20-4a48-bcd7-639d80647d6c client# rpm -q subscription-manager subscription-manager-1.1.23-1.el6.x86_64 client# openssl x509 -text -in /etc/pki/consumer/cert.pem | grep -A2 Validity Validity Not Before: Sep 10 02:39:41 2013 GMT Not After : Sep 10 02:39:41 2029 GMT server# date 061010112029 client# date 061010112029 client# openssl x509 -text -in /etc/pki/consumer/cert.pem |grep -A2 Validity Validity Not Before: Sep 10 03:04:50 2013 GMT Not After : Sep 10 03:04:50 2029 GMT Missed one step in Comment 7: client# service rhsmcertd restart client# openssl x509 -text -in /etc/pki/consumer/cert.pem |grep -A2 Validity Validity Not Before: Sep 10 03:04:50 2013 GMT Not After : Sep 10 03:04:50 2029 GMT 1. I also tried setting the sam server and using the same box as client 2. I tried executing /usr/libexec/rhsmcertd-worker None of these fixed the issue. Works for me with candlepin from master. Suresh: Any chance of getting on the box to recreate it. Verified.
Steps:
# subscription-manager register
Username: $user
Password:
The system has been registered with id: 1970b479-cdd6-4593-ab5e-3658e4cede2f
# openssl x509 -text -in /etc/pki/consumer/cert.pem |grep -A2 Validity
Validity
Not Before: Sep 13 11:29:04 2013 GMT
Not After : Sep 13 11:29:04 2029 GMT
# date -s "+15 years +11 months"
Mon Aug 13 07:30:17 EDT 2029
# /usr/libexec/rhsmcertd-worker
Updating entitlement certificates & repositories
server: 4580594865596027231
local: 5290141054483019406
129 updates required
done
# openssl x509 -text -in /etc/pki/consumer/cert.pem |grep -A2 Validity
Validity
Not Before: Aug 13 11:30:36 2029 GMT
Not After : Aug 13 11:30:36 2045 GMT
Version Tested:
* candlepin-0.8.25-1.el6sam.noarch
* candlepin-cert-consumer-cloud-qe-7.idm.lab.bos.redhat.com-1.0-1.noarch
* candlepin-scl-1-5.el6_4.noarch
* candlepin-scl-quartz-2.1.5-5.el6_4.noarch
* candlepin-scl-rhino-1.7R3-1.el6_4.noarch
* candlepin-scl-runtime-1-5.el6_4.noarch
* candlepin-selinux-0.8.25-1.el6sam.noarch
* candlepin-tomcat6-0.8.25-1.el6sam.noarch
* elasticsearch-0.19.9-8.el6sat.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.4.2-2.el6sat.noarch
* katello-cli-1.4.3-10.el6sat.noarch
* katello-cli-common-1.4.3-10.el6sat.noarch
* katello-common-1.4.3-12.el6sam_splice.noarch
* katello-configure-1.4.4-4.el6sat.noarch
* katello-glue-candlepin-1.4.3-12.el6sam_splice.noarch
* katello-glue-elasticsearch-1.4.3-12.el6sam_splice.noarch
* katello-headpin-1.4.3-12.el6sam_splice.noarch
* katello-headpin-all-1.4.3-12.el6sam_splice.noarch
* katello-selinux-1.4.4-2.el6sat.noarch
* thumbslug-0.0.34-1.el6sam.noarch
* thumbslug-selinux-0.0.34-1.el6sam.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2013-1390.html |