Bug 862909
Summary: | [RFE] rct tool man page | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Bryan Kearney <bkearney> |
Component: | subscription-manager | Assignee: | Adrian Likins <alikins> |
Status: | CLOSED ERRATA | QA Contact: | IDM QE LIST <seceng-idm-qe-list> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.4 | CC: | jsefler, pschiffe, syeghiay |
Target Milestone: | rc | Keywords: | FutureFeature, ManPageChange |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | subscription-manager-1.1.8-1 | Doc Type: | Enhancement |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-02-21 08:56:53 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 771481 |
Description
Bryan Kearney
2012-10-03 20:54:00 UTC
Committed to master: 1485b49ea11f8d4287bda46403e9fdfe95c4ee23 added to build/spec file commit e32d8f0a15f67ec9ea2ec9e844a671890a4c6cd1 Author: Adrian Likins <alikins> Date: Mon Nov 12 16:23:38 2012 -0500 862909: install rct man page Verifying Version... [root@jsefler-6 ~]# rpm -q subscription-manager subscription-manager-1.1.9-1.el6.x86_64 [root@jsefler-6 ~]# man -P cat rct rct(8) Certificate Information Tool rct(8) NAME rct - Displays information (headers) about or size and statistics of a entitlement, product, or identity certificate used by Red Hat Subscrip- tion Manager. SYNOPSIS rct cat-cert [--no-content] [--no-products] /path/to/certificate.pem rct stat-cert /path/to/certificate.pem DESCRIPTION Red Hat Subscription Manager uses X.509 certificates to identify a reg- istered system (identity certificate), the products installed on that system (product certificates), and the subscriptions attached to the system (entitlement certificates), including available content reposi- tories, products, and support levels. All of the information that Sub- scription Manager requires is contained in the body of the certificate. COMMANDS stat-cert Prints the size of the certificate and other details about the certificate. The precise details depend on the type of certifi- cate being checked. cat-cert Prints the information that is contained in the certificate itself, such as the certificate headers, serial numbers, prod- ucts, and content sets. Two options, --no-content and --no-prod- ucts, can be used to shorten the output to include only header and descriptive information. THE STAT-CERT COMMAND The rct tool is used to gather information about the already-issued certificates being used by Subscription Manager. The main reason for that is that certificate sizes, for a number of reasons, impact content delivery service performance. New certificate version (3.0 and later) use more efficient encoding, resulting in smaller certificate content sizes and better performance. If there are problems with the content service timing out or returning errors, then the rct stat-cert command can be used to check the size and version of a given entitlement cer- tificate quickly. This command has no options. For large accounts and organizations, there can be a very large number of products and content sets available. Older versions of entitlement certificates (version 1.0) used different (less efficient) DER encod- ing, so that large amounts of information results in very large cer- tificates. (This is what caused timeouts or crashes when dealing with some content services.) Newer entitlement certificate versions (version 3.0) use more efficient encoding on large content sets, which improves overall subscription service performance. A large number of content sets is anything over 185 total sets. Both the total number of content sets and the size of the DER encoding in the certificate could affect performance. The statistics for an entitlement certificate show both the DER size and the number of content sets, among other information: * Type (enti- tlement certificate) * Version (of the certificate style); newer versions will be 3.x, with better performance for handling large content sets * DER size, which gives the size of the certificate contents (not the size of the certificate file itself) * Key size, for the associated key file, in bytes * The total number of available content sets in the subscription For example: [root@server ~]# rct stat-cert /etc/pki/entitlement/2027912482659389239.pem Type: Entitlement Certificate Version: 1.0 DER size: 47555b Subject Key ID size: 553b Content sets: 100 While the size of the certificate is less of an issue for identity and product certificates (which are quite small), the stat-cert command can still be used to view the size and statistics of the certificates. For a product certificate, the stat-cert command shows: * Type (product certificate) * Version (of the certificate style) * DER size, which gives the size of the certificate contents (not the size of the certificate file itself) For example: [root@server ~]# rct stat-cert /etc/pki/product/69.pem Type: Product Certificate Version: 1.0 DER size: 1558b For an identity certificate: * Type (identity certificate) * Version (of the certificate style) * DER size, which gives the size of the certificate contents (not the size of the certificate file itself) * Key size, for the associated key file, in bytes For example: [root@server ~]# rct stat-cert /etc/pki/consumer/cert.pem Type: Identity Certificate Version: 1.0 DER size: 1488b Subject Key ID size: 20b CAT-CERT COMMAND Each certificate contains a complete set of information that contains all of the details for whatever element is being identified. That information can be displayed, in pretty-print form, using the cat-cert command. The most basic information is the information about the certificate its, such as its directory path, its serial umber and subject name, and its validity period (start and end dates). The information about the certificate itself is in the Certificate section: * Path -- the filesystem location where the certificate is installed * Version -- the certificate format version * Serial -- the serial number for the certificate * Start/End Date -- the validity period for the certificate * Alt Name -- the subject alternative name, which uses the host- name of the system rather than the UUID (for identity certifi- cates only) The Subject DN of the certificate is in the Subject section. For example, for the identity certificate: [root@server ~]# rct cat-cert /etc/pki/consumer/cert.pem +-------------------------------------------+ Identity Certificate +-------------------------------------------+ Certificate: Path: /etc/pki/consumer/cert.pem Version: 1.0 Serial: 824613308750035399 Start Date: 2012-11-09 16:20:22+00:00 End Date: 2013-11-09 16:20:22+00:00 Alt Name: DirName:/CN=server.example.com Subject: CN: e94bc90e-44a1-4f8c-b6fc-0a3e9d6fac2b A product certificate contains additional information in a Product sec- tion, which defines the information for the specific installed product, such as its name, product version, and any yum tags used for that prod- uct. For example: [root@server ~]# rct cat-cert /etc/pki/product/69.pem +-------------------------------------------+ Product Certificate +-------------------------------------------+ Certificate: Path: /etc/pki/product/69.pem Version: 1.0 Serial: 12750047592154746449 Start Date: 2012-10-04 18:45:02+00:00 End Date: 2032-09-29 18:45:02+00:00 Subject: CN: Red Hat Product ID [b4f7ac9e-b7ed-45fa-9dcc-323beb20e916] Product: ID: 69 Name: Red Hat Enterprise Linux Server Version: 6.4 Arch: x86_64 Tags: rhel-6,rhel-6-server The most information is contained in the entitlement certficate. Along with the Certificate and Subject, it also has a Product section that defines the product group that is covered by the subscription. Then, it contains an Order section that details everything related to the purchase of the subscription (such as the contract number, service level, total quantity, quantities assigned to the system, and other details on the subscription). A subscription for a product covers the version purchased and every previous version of the product. For example, when a subscription is purchased for Red Hat Enterprise Linux 6.4, the subscription provides full access to all RHEL 6 repositories, plus access to all RHEL 5 repositories and then other included product content repositories, like Subscription Asset Manager. Every available content repository is lised in a Content section that contains the repository name, associated tags, its URL, and a notice on whether the yum repository is enabled by default. For example: [root@server ~]# rct cat-cert /etc/pki/entitlement/2027912482659389239.pem +-------------------------------------------+ Entitlement Certificate +-------------------------------------------+ Certificate: Path: /etc/pki/entitlement/2027912482659389239.pem Version: 1.0 Serial: 2027912482659389239 Start Date: 2011-12-31 05:00:00+00:00 End Date: 2012-12-31 04:59:59+00:00 Subject: CN: 8a99f9843adc8b8f013ae5f9de022b73 Product: ID: 69 Name: Red Hat Enterprise Linux Server Version: Arch: x86_64,ia64,x86 Tags: Order: Name: Red Hat Enterprise Linux Server, Premium (8 sockets) (Up to 4 guests) Number: 2673502 SKU: RH0103708 Contract: 10011052 Account: 5206751 Service Level: Premium Service Type: L1-L3 Quantity: 100 Quantity Used: 1 Socket Limit: 8 Virt Limit: Virt Only: False Subscription: Stacking ID: Warning Period: 0 Provides Management: 0 Content: Type: yum Name: Red Hat Enterprise Linux 6 Server (RPMs) Label: rhel-6-server-rpms Vendor: Red Hat URL: /content/dist/rhel/server/6/$releasever/$basearch/os GPG: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release Enabled: True Expires: 86400 Required Tags: rhel-6-server Using the --no-content option when running rct cat-cert with an enti- tlement certificate returns all of the certification information, order information, and product information, but excludes all of the Content sections, which significantly reduced the information printed to std- out. If there are a lot of Product sections, as well, then those can be excluded using the --no-product option. FILES * Product certificates: /etc/pki/product/*.pem * Subscription certificates: etc/pki/entitlement/<serial#>.pem * System identity certificates: /etc/pki/consumer/cert.pem BUGS This tool is part of Red Hat Subscription Manager. To file bugs against this command-line tool, go to <https://bugzilla.redhat.com>, and select Red Hat > Red Hat Enterprise Linux > subscription-manager. AUTHORS Deon Lackey <dlackey>, Michael Stead <mstead>, and James Bowes <jbowes>. The rct tool was written by James Bowes. COPYRIGHT Copyright (c) 2012 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. version 1.0 November 8, 2012 rct(8) VERIFIED: a man page for the rct tool now exists. Note: Refinements to the rct man page will be requested by new bugzillas. This bugzilla was used to include the first version of the rct man page. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0350.html |