Bug 862909
| Summary: | [RFE] rct tool man page | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Bryan Kearney <bkearney> |
| Component: | subscription-manager | Assignee: | Adrian Likins <alikins> |
| Status: | CLOSED ERRATA | QA Contact: | IDM QE LIST <seceng-idm-qe-list> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.4 | CC: | jsefler, pschiffe, syeghiay |
| Target Milestone: | rc | Keywords: | FutureFeature, ManPageChange |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | subscription-manager-1.1.8-1 | Doc Type: | Enhancement |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-02-21 08:56:53 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 771481 | ||
|
Description
Bryan Kearney
2012-10-03 20:54:00 UTC
Committed to master: 1485b49ea11f8d4287bda46403e9fdfe95c4ee23 added to build/spec file
commit e32d8f0a15f67ec9ea2ec9e844a671890a4c6cd1
Author: Adrian Likins <alikins>
Date: Mon Nov 12 16:23:38 2012 -0500
862909: install rct man page
Verifying Version...
[root@jsefler-6 ~]# rpm -q subscription-manager
subscription-manager-1.1.9-1.el6.x86_64
[root@jsefler-6 ~]# man -P cat rct
rct(8) Certificate Information Tool rct(8)
NAME
rct - Displays information (headers) about or size and statistics of a
entitlement, product, or identity certificate used by Red Hat Subscrip-
tion Manager.
SYNOPSIS
rct cat-cert [--no-content] [--no-products] /path/to/certificate.pem
rct stat-cert /path/to/certificate.pem
DESCRIPTION
Red Hat Subscription Manager uses X.509 certificates to identify a reg-
istered system (identity certificate), the products installed on that
system (product certificates), and the subscriptions attached to the
system (entitlement certificates), including available content reposi-
tories, products, and support levels. All of the information that Sub-
scription Manager requires is contained in the body of the certificate.
COMMANDS
stat-cert
Prints the size of the certificate and other details about the
certificate. The precise details depend on the type of certifi-
cate being checked.
cat-cert
Prints the information that is contained in the certificate
itself, such as the certificate headers, serial numbers, prod-
ucts, and content sets. Two options, --no-content and --no-prod-
ucts, can be used to shorten the output to include only header
and descriptive information.
THE STAT-CERT COMMAND
The rct tool is used to gather information about the already-issued
certificates being used by Subscription Manager. The main reason for
that is that certificate sizes, for a number of reasons, impact content
delivery service performance. New certificate version (3.0 and later)
use more efficient encoding, resulting in smaller certificate content
sizes and better performance. If there are problems with the content
service timing out or returning errors, then the rct stat-cert command
can be used to check the size and version of a given entitlement cer-
tificate quickly.
This command has no options.
For large accounts and organizations, there can be a very large number
of products and content sets available. Older versions of entitlement
certificates (version 1.0) used different (less efficient) DER encod-
ing, so that large amounts of information results in very large cer-
tificates. (This is what caused timeouts or crashes when dealing with
some content services.) Newer entitlement certificate versions (version
3.0) use more efficient encoding on large content sets, which improves
overall subscription service performance.
A large number of content sets is anything over 185 total sets. Both
the total number of content sets and the size of the DER encoding in
the certificate could affect performance.
The statistics for an entitlement certificate show both the DER size
and the number of content sets, among other information: * Type (enti-
tlement certificate)
* Version (of the certificate style); newer versions will be
3.x, with better performance for handling large content sets
* DER size, which gives the size of the certificate contents
(not the size of the certificate file itself)
* Key size, for the associated key file, in bytes
* The total number of available content sets in the subscription
For example:
[root@server ~]# rct stat-cert /etc/pki/entitlement/2027912482659389239.pem
Type: Entitlement Certificate
Version: 1.0
DER size: 47555b
Subject Key ID size: 553b
Content sets: 100
While the size of the certificate is less of an issue for identity and
product certificates (which are quite small), the stat-cert command can
still be used to view the size and statistics of the certificates.
For a product certificate, the stat-cert command shows:
* Type (product certificate)
* Version (of the certificate style)
* DER size, which gives the size of the certificate contents
(not the size of the certificate file itself)
For example:
[root@server ~]# rct stat-cert /etc/pki/product/69.pem
Type: Product Certificate
Version: 1.0
DER size: 1558b
For an identity certificate:
* Type (identity certificate)
* Version (of the certificate style)
* DER size, which gives the size of the certificate contents
(not the size of the certificate file itself)
* Key size, for the associated key file, in bytes
For example:
[root@server ~]# rct stat-cert /etc/pki/consumer/cert.pem
Type: Identity Certificate
Version: 1.0
DER size: 1488b
Subject Key ID size: 20b
CAT-CERT COMMAND
Each certificate contains a complete set of information that contains
all of the details for whatever element is being identified. That
information can be displayed, in pretty-print form, using the cat-cert
command.
The most basic information is the information about the certificate
its, such as its directory path, its serial umber and subject name, and
its validity period (start and end dates). The information about the
certificate itself is in the Certificate section:
* Path -- the filesystem location where the certificate is
installed
* Version -- the certificate format version
* Serial -- the serial number for the certificate
* Start/End Date -- the validity period for the certificate
* Alt Name -- the subject alternative name, which uses the host-
name of the system rather than the UUID (for identity certifi-
cates only)
The Subject DN of the certificate is in the Subject section.
For example, for the identity certificate:
[root@server ~]# rct cat-cert /etc/pki/consumer/cert.pem
+-------------------------------------------+
Identity Certificate
+-------------------------------------------+
Certificate:
Path: /etc/pki/consumer/cert.pem
Version: 1.0
Serial: 824613308750035399
Start Date: 2012-11-09 16:20:22+00:00
End Date: 2013-11-09 16:20:22+00:00
Alt Name: DirName:/CN=server.example.com
Subject:
CN: e94bc90e-44a1-4f8c-b6fc-0a3e9d6fac2b
A product certificate contains additional information in a Product sec-
tion, which defines the information for the specific installed product,
such as its name, product version, and any yum tags used for that prod-
uct. For example:
[root@server ~]# rct cat-cert /etc/pki/product/69.pem
+-------------------------------------------+
Product Certificate
+-------------------------------------------+
Certificate:
Path: /etc/pki/product/69.pem
Version: 1.0
Serial: 12750047592154746449
Start Date: 2012-10-04 18:45:02+00:00
End Date: 2032-09-29 18:45:02+00:00
Subject:
CN: Red Hat Product ID [b4f7ac9e-b7ed-45fa-9dcc-323beb20e916]
Product:
ID: 69
Name: Red Hat Enterprise Linux Server
Version: 6.4
Arch: x86_64
Tags: rhel-6,rhel-6-server
The most information is contained in the entitlement certficate. Along
with the Certificate and Subject, it also has a Product section that
defines the product group that is covered by the subscription.
Then, it contains an Order section that details everything related to
the purchase of the subscription (such as the contract number, service
level, total quantity, quantities assigned to the system, and other
details on the subscription).
A subscription for a product covers the version purchased and every
previous version of the product. For example, when a subscription is
purchased for Red Hat Enterprise Linux 6.4, the subscription provides
full access to all RHEL 6 repositories, plus access to all RHEL 5
repositories and then other included product content repositories, like
Subscription Asset Manager. Every available content repository is lised
in a Content section that contains the repository name, associated
tags, its URL, and a notice on whether the yum repository is enabled by
default. For example:
[root@server ~]# rct cat-cert /etc/pki/entitlement/2027912482659389239.pem
+-------------------------------------------+
Entitlement Certificate
+-------------------------------------------+
Certificate:
Path: /etc/pki/entitlement/2027912482659389239.pem
Version: 1.0
Serial: 2027912482659389239
Start Date: 2011-12-31 05:00:00+00:00
End Date: 2012-12-31 04:59:59+00:00
Subject:
CN: 8a99f9843adc8b8f013ae5f9de022b73
Product:
ID: 69
Name: Red Hat Enterprise Linux Server
Version:
Arch: x86_64,ia64,x86
Tags:
Order:
Name: Red Hat Enterprise Linux Server, Premium (8 sockets) (Up to 4 guests)
Number: 2673502
SKU: RH0103708
Contract: 10011052
Account: 5206751
Service Level: Premium
Service Type: L1-L3
Quantity: 100
Quantity Used: 1
Socket Limit: 8
Virt Limit:
Virt Only: False
Subscription:
Stacking ID:
Warning Period: 0
Provides Management: 0
Content:
Type: yum
Name: Red Hat Enterprise Linux 6 Server (RPMs)
Label: rhel-6-server-rpms
Vendor: Red Hat
URL: /content/dist/rhel/server/6/$releasever/$basearch/os
GPG: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Enabled: True
Expires: 86400
Required Tags: rhel-6-server
Using the --no-content option when running rct cat-cert with an enti-
tlement certificate returns all of the certification information, order
information, and product information, but excludes all of the Content
sections, which significantly reduced the information printed to std-
out. If there are a lot of Product sections, as well, then those can be
excluded using the --no-product option.
FILES
* Product certificates: /etc/pki/product/*.pem
* Subscription certificates: etc/pki/entitlement/<serial#>.pem
* System identity certificates: /etc/pki/consumer/cert.pem
BUGS
This tool is part of Red Hat Subscription Manager. To file bugs against
this command-line tool, go to <https://bugzilla.redhat.com>, and select
Red Hat > Red Hat Enterprise Linux > subscription-manager.
AUTHORS
Deon Lackey <dlackey>, Michael Stead <mstead>,
and James Bowes <jbowes>. The rct tool was written by James
Bowes.
COPYRIGHT
Copyright (c) 2012 Red Hat, Inc. This is licensed under the GNU General
Public License, version 2 (GPLv2). A copy of this license is available
at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
version 1.0 November 8, 2012 rct(8)
VERIFIED: a man page for the rct tool now exists.
Note: Refinements to the rct man page will be requested by new bugzillas. This bugzilla was used to include the first version of the rct man page. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0350.html |