Bug 852706
| Summary: | System is not unregistered after being deleted from candlepin server | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | lzhuang <lzhuang> |
| Component: | subscription-manager | Assignee: | Adrian Likins <alikins> |
| Status: | CLOSED ERRATA | QA Contact: | Entitlement Bugs <entitlement-bugs> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 5.9 | CC: | alikins, awood, bkearney, gxing, huiwang, jsefler, khong, liliu, sgao, skallesh, suli |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
Cause: When a consumer has been deleted on a candlepin server.
Consequence: The client is left in an inconsistent state with old consumer and entitlement certificates that are no longer valid.
Fix:
Result: Now the rhsmcert daemon recognizes this inconsistent state, cleans the old entitlements, makes a backup of the old consumer certificate, and allows the client to register with --force.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-01-08 04:01:24 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 771748 | ||
|
Comment 1
RHEL Program Management
2012-08-29 12:07:41 UTC
*** Bug 853857 has been marked as a duplicate of this bug. *** commit 476d17a29088e9cc9d6a5094bd2cd586f3f49c44
Author: Adrian Likins <alikins>
Date: Wed Sep 5 11:40:07 2012 -0400
Add test cases for certmgr.py (and make certlib testable)
852706 needed tests cases, and there was almost
no coverage of certmgr.py
The various *Lib and *Action classes create a ActionLock()
during at class parse time (ie, before the init runs) so
we can't really mock out ActionLock. So change certlib
to pass in it's own lock to it's invocation of CertLib.
Note: Those ActionLock() invocations need to go away, or
at least, lock should be a class attribute populated with
a ActionLock(), at least that way we would have a reference to
it.
commit 69be79cdb26a2a1a2b4ea792d27c1a851af9f2fb
Author: Adrian Likins <alikins>
Date: Wed Sep 5 11:37:55 2012 -0400
852706: Fix server side certs not being deleted client side
On a candlepin side consumer cert deletion, we return a
410/GoneException, which certmgr was catching and swallowing.
Let that exception bubble up so we handle the GoneException
properly.
Verifying Version... [root@jsefler-rhel59 ~]# rpm -q subscription-manager python-rhsm subscription-manager-1.0.23-1.el5 python-rhsm-1.0.10-1.el5 [root@jsefler-rhel59 ~]# subscription-manager register --username=testuser1 --org=admin --serverurl=jsefler-f14-candlepin.usersys.redhat.com:8443/candlepin Password: The system has been registered with id: 37da6f5a-43ed-4940-9f07-fd86563ca009 [root@jsefler-rhel59 ~]# subscription-manager list --avail | grep "Pool Id" | head -2 Pool Id: 8a90f81d3a713d64013a7384365e7973 Pool Id: 8a90f81d3a713d64013a713faa5704cc [root@jsefler-rhel59 ~]# subscription-manager subscribe --pool 8a90f81d3a713d64013a7384365e7973 --pool 8a90f81d3a713d64013a713faa5704cc Successfully consumed a subscription for: The "Ultimate SLA" service level subscription Successfully consumed a subscription for: Shared File System [root@jsefler-rhel59 ~]# subscription-manager identity Current identity is: 37da6f5a-43ed-4940-9f07-fd86563ca009 name: jsefler-rhel59.usersys.redhat.com org name: Admin Owner org id: admin [root@jsefler-rhel59 ~]# ls -l /etc/pki/entitlement/ total 32 -rw------- 1 root root 1679 Oct 18 13:58 5867571267558982210-key.pem -rw-r--r-- 1 root root 1944 Oct 18 13:58 5867571267558982210.pem -rw------- 1 root root 1679 Oct 18 13:58 7098429472854166482-key.pem -rw-r--r-- 1 root root 1956 Oct 18 13:58 7098429472854166482.pem [root@jsefler-rhel59 ~]# curl --stderr /dev/null --insecure --user admin:*** --request DELETE https://jsefler-f14-candlepin.usersys.redhat.com:8443/candlepin/consumers/37da6f5a-43ed-4940-9f07-fd86563ca009 [root@jsefler-rhel59 ~]# subscription-manager identity Consumer 37da6f5a-43ed-4940-9f07-fd86563ca009 has been deleted [root@jsefler-rhel59 ~]# service rhsmcertd restart Stopping rhsmcertd... [ OK ] Starting rhsmcertd... [ OK ] [root@jsefler-rhel59 ~]# subscription-manager identity Consumer 37da6f5a-43ed-4940-9f07-fd86563ca009 has been deleted [root@jsefler-rhel59 ~]# [root@jsefler-rhel59 ~]# ************************************* IMPORTANT: Notice that immediately after we restarted rhsmcertd above, subscription-manager identity continues to report that the consumer has been deleted. Due to a change in bug 818978, we must now wait 2 minutes for rhsmcertd to trigger the first cert check. Waiting 2 minutes... ************************************* [root@jsefler-rhel59 ~]# [root@jsefler-rhel59 ~]# [root@jsefler-rhel59 ~]# subscription-manager identity This system is not yet registered. Try 'subscription-manager register --help' for more information. [root@jsefler-rhel59 ~]# ls /etc/pki/consumer ls: /etc/pki/consumer: No such file or directory [root@jsefler-rhel59 ~]# ls /etc/pki/consumer.old/ cert.pem key.pem [root@jsefler-rhel59 ~]# ls /etc/pki/entitlement/ [root@jsefler-rhel59 ~]# VERIFIED: After restarting rhsmcertd and waiting 2 minutes, rhsmcertd handles a GoneException and then moves /etc/pki/consumer to /etc/pki/consumer.old/ and the /etc/pki/entitlement/ is emptied. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0033.html |