Bug 838113

Summary: subscription-manager unregister leaves redhat.repo dirty which causes yum repolist traceback
Product: Red Hat Enterprise Linux 5
Component: subscription-manager
Version: 5.9
Hardware: Unspecified
OS: Unspecified
Status: CLOSED ERRATA
Severity: high
Priority: unspecified
Target Milestone: rc
Keywords: Regression
Reporter: John Sefler <jsefler>
Assignee: Adrian Likins <alikins>
QA Contact: Entitlement Bugs <entitlement-bugs>
CC: alikins, awood, bgollahe, bkearney, skallesh
Doc Type: Bug Fix
Doc Text: No documentation needed.
Type: Bug
Last Closed: 2013-01-08 03:56:30 UTC
Bug Blocks: 771748

Description John Sefler 2012-07-06 16:13:18 UTC
Description of problem:
After unregistering, the redhat.repo remains dirty which causes the next yum transaction to throw a M2Crypto.SSL.SSLError: No such file or directory since it is trying to load the entitlement certs referenced by sslclientcerts which are no longer there.

Version-Release number of selected component (if applicable):
[root@jsefler-59server ~]# rpm -q subscription-manager python-rhsm
subscription-manager-1.0.8-1.git.8.b51785c.el5
python-rhsm-1.0.3-1.git.0.583d26c.el5

How reproducible:


Steps to Reproduce:
[root@jsefler-59server ~]# subscription-manager register --username=testuser1 --force --org admin
Password: 
The system has been registered with id: 5e57811a-db83-4be0-9ca0-531e74729530 

[root@jsefler-59server ~]# yum repolist -q
This system is not registered with RHN.
RHN Satellite or RHN Classic support will be disabled.

[root@jsefler-59server ~]# subscription-manager list --avail | grep "Pool Id" | head -1
Pool Id:              	8a90f8753859805a0138598161e70245

[root@jsefler-59server ~]# subscription-manager subscribe --pool 8a90f8753859805a0138598161e70245
Successfully consumed a subscription for: Awesome OS Server Bundled

[root@jsefler-59server ~]# yum repolist -q
This system is not registered with RHN.
RHN Satellite or RHN Classic support will be disabled.
https://cdn.redhat.com/foo/path/always/5Server/repodata/repomd.xml: [Errno 14] HTTP Error 403: Forbidden
Trying other mirror.

[root@jsefler-59server ~]# subscription-manager unregister
System has been un-registered.

[root@jsefler-59server ~]# yum repolist -q
This system is not registered with RHN.
RHN Satellite or RHN Classic support will be disabled.
Traceback (most recent call last):
  File "/usr/bin/yum", line 29, in ?
    yummain.user_main(sys.argv[1:], exit_code=True)
  File "/usr/share/yum-cli/yummain.py", line 309, in user_main
    errcode = main(args)
  File "/usr/share/yum-cli/yummain.py", line 178, in main
    result, resultmsgs = base.doCommands()
  File "/usr/share/yum-cli/cli.py", line 349, in doCommands
    return self.yum_cli_commands[self.basecmd].doCommand(self, self.basecmd, self.extcmds)
  File "/usr/share/yum-cli/yumcommands.py", line 788, in doCommand
    base.repos.populateSack()
  File "/usr/lib/python2.4/site-packages/yum/repos.py", line 260, in populateSack
    sack.populate(repo, mdtype, callback, cacheonly)
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 168, in populate
    if self._check_db_version(repo, mydbtype):
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 226, in _check_db_version
    return repo._check_db_version(mdtype)
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1226, in _check_db_version
    repoXML = self.repoXML
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1399, in <lambda>
    repoXML = property(fget=lambda self: self._getRepoXML(),
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1391, in _getRepoXML
    self._loadRepoXML(text=self)
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1381, in _loadRepoXML
    return self._groupLoadRepoXML(text, ["primary"])
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1365, in _groupLoadRepoXML
    if self._commonLoadRepoXML(text):
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1201, in _commonLoadRepoXML
    result = self._getFileRepoXML(local, text)
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 974, in _getFileRepoXML
    cache=self.http_caching == 'all')
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 805, in _getFile
    result = self.grab.urlgrab(misc.to_utf8(relative), local,
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 511, in <lambda>
    grab = property(lambda self: self._getgrab())
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 506, in _getgrab
    self._setupGrab()
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 474, in _setupGrab
    ugopts = self._default_grabopts()
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 486, in _default_grabopts
    opts = { 'keepalive': self.keepalive,
  File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 656, in _getSslContext
    sslCtx.load_cert(self.sslclientcert, self.sslclientkey)
  File "/usr/lib64/python2.4/site-packages/M2Crypto/SSL/Context.py", line 74, in load_cert
    m2.ssl_ctx_use_cert(self.ctx, certfile)
M2Crypto.SSL.SSLError: No such file or directory

[root@jsefler-59server ~]# cat /etc/yum.repos.d/redhat.repo 
#
# Certificate-Based Repositories
# Managed by (rhsm) subscription-manager
#
# If this file is empty and this system is subscribed consider 
# a "yum repolist" to refresh available repos
#

[content-label-empty-gpg]
name = content-emptygpg
baseurl = https://cdn.redhat.com/foo/path
enabled = 1
gpgcheck = 0
sslverify = 1
sslcacert = /etc/rhsm/ca/redhat-uep.pem
sslclientkey = /etc/pki/entitlement/3192361753955052838-key.pem
sslclientcert = /etc/pki/entitlement/3192361753955052838.pem
metadata_expire = 0

[content-label]
name = content
baseurl = https://cdn.redhat.com/foo/path
enabled = 1
gpgcheck = 1
gpgkey = https://cdn.redhat.com/foo/path/gpg/
sslverify = 1
sslcacert = /etc/rhsm/ca/redhat-uep.pem
sslclientkey = /etc/pki/entitlement/3192361753955052838-key.pem
sslclientcert = /etc/pki/entitlement/3192361753955052838.pem
metadata_expire = 0

[content-label-no-gpg]
name = content-nogpg
baseurl = https://cdn.redhat.com/foo/path
enabled = 1
gpgcheck = 0
sslverify = 1
sslcacert = /etc/rhsm/ca/redhat-uep.pem
sslclientkey = /etc/pki/entitlement/3192361753955052838-key.pem
sslclientcert = /etc/pki/entitlement/3192361753955052838.pem
metadata_expire = 0

[always-enabled-content]
name = always-enabled-content
baseurl = https://cdn.redhat.com/foo/path/always/$releasever
enabled = 1
gpgcheck = 1
gpgkey = https://cdn.redhat.com/foo/path/always/gpg
sslverify = 1
sslcacert = /etc/rhsm/ca/redhat-uep.pem
sslclientkey = /etc/pki/entitlement/3192361753955052838-key.pem
sslclientcert = /etc/pki/entitlement/3192361753955052838.pem
metadata_expire = 200

[never-enabled-content]
name = never-enabled-content
baseurl = https://cdn.redhat.com/foo/path/never
enabled = 0
gpgcheck = 1
gpgkey = https://cdn.redhat.com/foo/path/never/gpg
sslverify = 1
sslcacert = /etc/rhsm/ca/redhat-uep.pem
sslclientkey = /etc/pki/entitlement/3192361753955052838-key.pem
sslclientcert = /etc/pki/entitlement/3192361753955052838.pem
metadata_expire = 600
[root@jsefler-59server ~]# 




  
Actual results:
look up


Expected results:
There should be no traceback (and redhat.repo cleared) when running yum repolist after unregistering from subscription-manager.

Additional info:
This looks like a recurrence of Bug 674652
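
Added example (not part of the original report and not subscription-manager code): a Python check for the condition described above, a .repo stanza whose sslcacert, sslclientkey or sslclientcert names a file that no longer exists. The function name and the sample text are constructed for illustration, modelled on the redhat.repo output shown in the report.

```python
import configparser
import os

# Options in a yum .repo stanza that name files on disk.
CERT_OPTIONS = ("sslcacert", "sslclientkey", "sslclientcert")

# Constructed sample, modelled on the redhat.repo stanzas shown in the report.
SAMPLE_REPO = """\
# Managed by (rhsm) subscription-manager

[content-label]
name = content
baseurl = https://cdn.redhat.com/foo/path
enabled = 1
sslverify = 1
sslcacert = /etc/rhsm/ca/redhat-uep.pem
sslclientkey = /etc/pki/entitlement/3192361753955052838-key.pem
sslclientcert = /etc/pki/entitlement/3192361753955052838.pem

[never-enabled-content]
name = never-enabled-content
baseurl = https://cdn.redhat.com/foo/path/never
enabled = 0
sslclientkey = /etc/pki/entitlement/3192361753955052838-key.pem
sslclientcert = /etc/pki/entitlement/3192361753955052838.pem
"""


def dangling_cert_refs(repo_text, exists=os.path.exists, enabled_only=True):
    """Return (repo_id, option, path) for each cert/key path that is missing."""
    parser = configparser.RawConfigParser()  # raw: no '%' interpolation in URLs
    parser.read_string(repo_text)
    findings = []
    for repo_id in parser.sections():
        # Stanzas with enabled = 0 are skipped by default; yum does not fetch from them.
        if enabled_only and parser.get(repo_id, "enabled", fallback="1").strip() == "0":
            continue
        for option in CERT_OPTIONS:
            path = parser.get(repo_id, option, fallback=None)
            if path and not exists(path):
                findings.append((repo_id, option, path))
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPO
    for finding in dangling_cert_refs(text):
        print("%s: %s -> %s is missing" % finding)
```

Run it with /etc/yum.repos.d/redhat.repo as the argument after an unregister; a cleaned file (comments only, as in the verification output further down) yields no findings.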

Comment 2 Adrian Likins 2012-08-01 20:07:14 UTC
commit 441f13b5d656f5caf3d93609444c280fd82ec7d8
Author: Adrian Likins <alikins>
Date:   Wed Aug 1 15:23:01 2012 -0400

    838113: 'unregister' was not cleaning up repos
    
    After unregistering, we were running IdentityCertLib update
    actions, which assumed consumer cert existed, and were
    raising exceptions. certmgt.update was not handling
    exceptions there well, and raised them up into
    the UnRegister.do_command, where it was ignored.
    This prevented the rest of the update methods from
    running, which included repolib, so repos were
    not being cleaned up.
    
    Try to handle exceptions in the update actions
    better (and log them). Also make IdentityCertLib.update
    not fail on unregistered systems.

(patch out for review)
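
Added example (a simplified model, not the project's code or the actual patch): the failure mode the commit message describes, where one update action raising aborts the actions after it, next to a runner that contains and logs each failure. Host, identity_update, repo_update and both runner functions are hypothetical names.

```python
import logging

log = logging.getLogger("certmgr-sketch")


class Host:
    """Hypothetical stand-in for on-disk state right after 'unregister'."""
    def __init__(self):
        self.consumer_cert = None              # identity cert already deleted
        self.repo_stanzas = ["content-label"]  # stale redhat.repo content


def identity_update(host):
    # Models the described failure: assumes the consumer cert still exists.
    return host.consumer_cert["serial"]        # TypeError when the cert is None


def repo_update(host):
    # No entitlements remain, so every managed stanza is removed.
    removed = len(host.repo_stanzas)
    host.repo_stanzas = []
    return removed


def update_fail_fast(host, actions):
    """Before: the first exception aborts every later action."""
    return [action(host) for action in actions]


def update_isolated(host, actions):
    """After: each failure is logged and contained; later actions still run."""
    failures = []
    for action in actions:
        try:
            action(host)
        except Exception:
            log.exception("update action %s failed", action.__name__)
            failures.append(action.__name__)
    return failures


def demo():
    actions = [identity_update, repo_update]
    before, after = Host(), Host()
    try:
        update_fail_fast(before, actions)
    except Exception:
        pass                                   # caller ignores it, as in the report
    failures = update_isolated(after, actions)
    return before.repo_stanzas, after.repo_stanzas, failures
```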

Comment 3 Adrian Likins 2012-08-02 15:26:57 UTC
merged

Comment 5 Shwetha Kallesh 2012-08-07 07:31:27 UTC
Verified!!

RPM used:

[root@dhcp201-115 ~]# rpm -qa | grep subscription-manager
subscription-manager-migration-data-1.11.2.2-1.git.2.c3c8e22.el5
subscription-manager-firstboot-1.0.12-1.git.36.cb30843.el5
subscription-manager-migration-1.0.12-1.git.36.cb30843.el5
subscription-manager-1.0.12-1.git.36.cb30843.el5
subscription-manager-gui-1.0.12-1.git.36.cb30843.el5


[root@dhcp201-115 ~]# subscription-manager register --username=testuser1 --force --org admin
The system with UUID ad74a2b6-79cb-42c0-96aa-5e8fb062ae42 has been unregistered
Password: 
The system has been registered with id: d60411fe-1e48-416d-91fc-fc7e1918d52f 
[root@dhcp201-115 ~]# yum repolist -q
This system is not registered with RHN.
RHN Satellite or RHN Classic support will be disabled.
https://cdn.redhat.com/foo/path/never/repodata/repomd.xml: [Errno 14] HTTP Error 403: Forbidden
Trying other mirror.
[root@dhcp201-115 ~]# subscription-manager list --avail | grep "Pool Id" | head -1
Pool Id:              	8ac1493438fc33ee0138fc34ba0a0253
[root@dhcp201-115 ~]# subscription-manager subscribe --pool 8a90f8753859805a0138598161e70245
Subscription pool 8a90f8753859805a0138598161e70245 does not exist.
[root@dhcp201-115 ~]# yum repolist -q
This system is not registered with RHN.
RHN Satellite or RHN Classic support will be disabled.
https://cdn.redhat.com/foo/path/never/repodata/repomd.xml: [Errno 14] HTTP Error 403: Forbidden
Trying other mirror.

[root@dhcp201-115 ~]# subscription-manager unregister
System has been un-registered.
[root@dhcp201-115 ~]# yum repolist -q
This system is not registered with RHN.
RHN Satellite or RHN Classic support will be disabled.
[root@dhcp201-115 ~]# cat /etc/yum.repos.d/redhat.repo 
#
# Certificate-Based Repositories
# Managed by (rhsm) subscription-manager
#
# If this file is empty and this system is subscribed consider 
# a "yum repolist" to refresh available repos
#

Comment 7 errata-xmlrpc 2013-01-08 03:56:30 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0033.html