Bug 961003
| Summary: | Product ID cert deletion specific to HA | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Sharath Dwaral <fsharath> |
| Component: | subscription-manager | Assignee: | Adrian Likins <alikins> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | IDM QE LIST <seceng-idm-qe-list> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.0 | CC: | alikins, ckozak, jgalipea, jsefler |
| Target Milestone: | rc | ||
| Target Release: | 7.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-06-13 09:40:48 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 863175 | ||
Tempted to just call this WONTFIX given the unusual names of the product tags for those products (ie, "rhel-6-server-highavailibity" is hard to differentiate from "rhel-6-server" or "rhel-6-everything" or "rhel-6-somenewvariant" without hardcoding. I'll try something like checking for "rhel-\d*" but not "rhel-\d*-* and see if that works against the known tags. commit 2d23e49004561730ee25e3c3e2125b20987dedbd
Author: Adrian Likins <alikins>
Date: Fri Jan 31 12:25:28 2014 -0500
961003: Stricter matches for rhel product tags
Fix cases where we wont delete product certs
for "rhel-6-server-highavailability" since we think
that is a rhel base os product.
Split out the tag matcher to it's own class, and
switch to a regex implementation. Add test
cases for class.
DISCLAIMER: At this time, the High Availablility SKUs do not provide any rhel-7 content. To verify this bug, I will use a continuous integration build of subscription-manager on an el6 platform.
Verifying Version...
[root@jsefler-6 ~]# subscription-manager version
server type: Red Hat Subscription Management
subscription management server: Unknown
subscription-manager: 1.11.1-1.git.17.013b33a.el6
python-rhsm: 1.11.1-1.git.3.26129de.el6
[root@jsefler-6 ~]# rpm --changelog -q subscription-manager | grep 961003
- 961003: Stricter matches for rhel product tags (alikins)
[root@jsefler-6 ~]# cat /var/lib/rhsm/productid.js
{
"69": [
"rhel-x86_64-server-6",
"latest-rhel65"
]
}
[root@jsefler-6 ~]# subscription-manager register --username stage_test_2 --serverurl=subscription.rhn.stage.redhat.com:443/subscription --baseurl=https://cdn.redhat.com
Password:
The system has been registered with ID: 5ad96a31-41c3-4055-9d04-f07407142e2e
[root@jsefler-6 ~]# subscription-manager list --available
+-------------------------------------------+
Available Subscriptions
+-------------------------------------------+
Subscription Name: High-Availability (8 sockets)
Provides: Red Hat Enterprise Linux High Availability (for RHEL Server)
SKU: RH1149049
Contract: 10318296
Pool ID: 8a99f984435872b601436587e26261ea
Available: 998
Suggested: 1
Service Level: Layered
Service Type: L1-L3
Subscription Type: Standard
Ends: 12/07/2015
System Type: Physical
[root@jsefler-6 ~]# subscription-manager attach --pool 8a99f984435872b601436587e26261ea
Successfully attached a subscription for: High-Availability (8 sockets)
[root@jsefler-6 ~]# subscription-manager list --installed
+-------------------------------------------+
Installed Product Status
+-------------------------------------------+
Product Name: Red Hat Enterprise Linux Server
Product ID: 69
Version: 6.5
Arch: x86_64
Status: Not Subscribed
Status Details: Not supported by a valid subscription.
Starts:
Ends:
[root@jsefler-6 ~]# yum install ccs
Loaded plugins: product-id, refresh-packagekit, rhnplugin, security,
: subscription-manager
This system is not registered with RHN Classic or RHN Satellite.
You can use rhn_register to register.
RHN Satellite or RHN Classic support will be disabled.
rhel-ha-for-rhel-6-server-rpms | 3.7 kB 00:00
rhel-ha-for-rhel-6-server-rpms/primary_db | 239 kB 00:00
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package ccs.x86_64 0:0.16.2-69.el6_5.1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=======================================================================
Package
Arch Version Repository Size
=======================================================================
Installing:
ccs x86_64 0.16.2-69.el6_5.1 rhel-ha-for-rhel-6-server-rpms 49 k
Transaction Summary
=======================================================================
Install 1 Package(s)
Total download size: 49 k
Installed size: 287 k
Is this ok [y/N]: y
Downloading Packages:
ccs-0.16.2-69.el6_5.1.x86_64.rpm | 49 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
Installing : ccs-0.16.2-69.el6_5.1.x86_64 1/1
rhel-ha-for-rhel-6-server-rpms/productid | 1.7 kB 00:00
Verifying : ccs-0.16.2-69.el6_5.1.x86_64 1/1
Installed:
ccs.x86_64 0:0.16.2-69.el6_5.1
Complete!
[root@jsefler-6 ~]# ls /etc/pki/product/
69.pem 83.pem
[root@jsefler-6 ~]# subscription-manager list --installed
+-------------------------------------------+
Installed Product Status
+-------------------------------------------+
Product Name: Red Hat Enterprise Linux Server
Product ID: 69
Version: 6.5
Arch: x86_64
Status: Not Subscribed
Status Details: Not supported by a valid subscription.
Starts:
Ends:
Product Name: Red Hat Enterprise Linux High Availability (for RHEL
Server)
Product ID: 83
Version: 6.5
Arch: x86_64
Status: Subscribed
Status Details:
Starts: 02/21/2014
Ends: 12/07/2015
[root@jsefler-6 ~]# cat /var/lib/rhsm/productid.js
{
"69": [
"rhel-x86_64-server-6",
"latest-rhel65"
],
"83": [
"rhel-ha-for-rhel-6-server-rpms"
]
}
VERIFIED: The High Availability product cert 83.pem has been installed and correctly shows a Status: Subscribed in the list --installed.
[root@jsefler-6 ~]# yum remove ccs --quiet -y
This system is not registered with RHN Classic or RHN Satellite.
You can use rhn_register to register.
RHN Satellite or RHN Classic support will be disabled.
[root@jsefler-6 ~]#
[root@jsefler-6 ~]# ls /etc/pki/product/
69.pem 83.pem
[root@jsefler-6 ~]# rpm -q ccs
package ccs is not installed
FAILED: Product cert 83.pem remains on the system when we expected it to be removed since the removal of package ccs was the last remaining package provided by repo rhel-ha-for-rhel-6-server-rpms.
Upon further discussions with alikins, the fact that the removal of package ccs left the system with no active yum repos will stop the algorithm from removing any product certs. This may actually be a safety since we would not want to remove a product cert that provides tags that content sets from a future applied subscription would require. Moreover, the scenario tested in comment 6 is not a practical scenario because there is no subscription coverage for the base RHEL product 69. What we should do is attach a subscription for RHEL product 69 and then re-test the yum install and removal of ccs from the High Availability repo. Let's do it... [root@jsefler-6 ~]# subscription-manager subscribe --auto Installed Product Current Status: Product Name: Red Hat Enterprise Linux Server Status: Subscribed Product Name: Red Hat Enterprise Linux High Availability (for RHEL Server) Status: Subscribed [root@jsefler-6 ~]# subscription-manager list --consumed +-------------------------------------------+ Consumed Subscriptions +-------------------------------------------+ Subscription Name: Red Hat Enterprise Linux Server, Premium (8 sockets) (Up to 4 guests) Provides: Red Hat Software Collections Beta (for RHEL Server) Red Hat Enterprise Linux Server Red Hat Enterprise Linux 7 Public Beta Red Hat Beta SKU: RH0103708 Contract: 10319273 Account: 5364446 Serial: 8930857063214769019 Pool ID: 8a99f984436961160143713f534c0e78 Active: True Quantity Used: 1 Service Level: PREMIUM Service Type: L1-L3 Status Details: Subscription Type: Standard Starts: 01/05/2014 Ends: 01/04/2015 System Type: Virtual Subscription Name: High-Availability (8 sockets) Provides: Red Hat Enterprise Linux High Availability (for RHEL Server) SKU: RH1149049 Contract: 10318296 Account: 5364446 Serial: 1605339460264626765 Pool ID: 8a99f984435872b601436587e26261ea Active: True Quantity Used: 1 Service Level: Layered Service Type: L1-L3 Status Details: Subscription Type: Standard Starts: 02/21/2014 Ends: 12/07/2015 System Type: Physical [root@jsefler-6 ~]# yum install --quiet -y ccs This system is not registered with RHN Classic or RHN Satellite. You can use rhn_register to register. RHN Satellite or RHN Classic support will be disabled. [root@jsefler-6 ~]# ls /etc/pki/product/ 69.pem 83.pem [root@jsefler-6 ~]# subscription-manager list --installed +-------------------------------------------+ Installed Product Status +-------------------------------------------+ Product Name: Red Hat Enterprise Linux Server Product ID: 69 Version: 6.5 Beta Arch: x86_64 Status: Subscribed Status Details: Starts: 01/05/2014 Ends: 01/04/2015 Product Name: Red Hat Enterprise Linux High Availability (for RHEL Server) Product ID: 83 Version: 6.5 Arch: x86_64 Status: Subscribed Status Details: Starts: 02/21/2014 Ends: 12/07/2015 [root@jsefler-6 ~]# yum remove ccs --quiet -y This system is not registered with RHN Classic or RHN Satellite. You can use rhn_register to register. RHN Satellite or RHN Classic support will be disabled. [root@jsefler-6 ~]# ls /etc/pki/product/ 69.pem [root@jsefler-6 ~]# cat /var/lib/rhsm/productid.js { "69": [ "rhel-x86_64-server-6", "latest-rhel65", "rhel-6-server-cf-tools-1-rpms", "rhel-6-server-rpms" ] } [root@jsefler-6 ~]# subscription-manager list --installed +-------------------------------------------+ Installed Product Status +-------------------------------------------+ Product Name: Red Hat Enterprise Linux Server Product ID: 69 Version: 6.5 Beta Arch: x86_64 Status: Subscribed Status Details: Starts: 01/05/2014 Ends: 01/04/2015 VERIFIED! Finally the product cert is removed when the final package from the repo is removed and there is still an active yum repo remaining (rhel-6-server-rpms which provides the rhel packages). Let's do it again... [root@jsefler-6 ~]# yum install --quiet -y ccs This system is not registered with RHN Classic or RHN Satellite. You can use rhn_register to register. RHN Satellite or RHN Classic support will be disabled. [root@jsefler-6 ~]# ls /etc/pki/product/ 69.pem 83.pem [root@jsefler-6 ~]# yum install --quiet -y pacemaker-doc This system is not registered with RHN Classic or RHN Satellite. You can use rhn_register to register. RHN Satellite or RHN Classic support will be disabled. [root@jsefler-6 ~]# ls /etc/pki/product/ 69.pem 83.pem [root@jsefler-6 ~]# yum remove --quiet -y ccs This system is not registered with RHN Classic or RHN Satellite. You can use rhn_register to register. RHN Satellite or RHN Classic support will be disabled. [root@jsefler-6 ~]# ls /etc/pki/product/ 69.pem 83.pem [root@jsefler-6 ~]# yum remove --quiet -y pacemaker-doc This system is not registered with RHN Classic or RHN Satellite. You can use rhn_register to register. RHN Satellite or RHN Classic support will be disabled. [root@jsefler-6 ~]# ls /etc/pki/product/ 69.pem VERIFIED AGAIN: 83.pem is added and removed with the final package removed from repo rhel-ha-for-rhel-6-server-rpms This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |
Description of problem: The Product ID cert is not deleted when an installed product for HA is removed because the product-tags have rhel-6-* in them and the present logic (for deletion) depends on this; which prevents the Product ID cert from being deleted. This is what I inferred after discussing the bug with Adrian. Version-Release number of selected component (if applicable): # rpm -qa | egrep "subscription-manager|python-rhsm" subscription-manager-firstboot-1.8.6-1.git.27.f8647f0.el6.x86_64 subscription-manager-migration-data-1.12.2.6-1.git.0.171d4c3.el6.noarch python-rhsm-1.8.9-1.git.7.214419e.el6.x86_64 subscription-manager-migration-1.8.6-1.git.27.f8647f0.el6.x86_64 subscription-manager-1.8.6-1.git.27.f8647f0.el6.x86_64 subscription-manager-gui-1.8.6-1.git.27.f8647f0.el6.x86_64 How reproducible: Always Steps to Reproduce: Start with a plain RHEL Server system, and copy /etc/pki/product/69.pem as well as /var/lib/rhsm/productid.js somewhere safe. productid.js should look something like this: [root@localhost ~]# cat /var/lib/rhsm/productid.js { "69": "anaconda-RedHatEnterpriseLinux-201211201732.x86_64" } Now reproduce using steps above. To reset the machine: 1. unregister 2. Remove any product certs in /etc/pki/product. 3. Restore the two files you backed up. 4. Make sure ccs is uninstalled. 5. yum clean all Registering to stage # subscription-manager register Username: stage_test_2 Password: The system has been registered with ID: 75671af8-6816-493f-9eb7-e4b44a434f69 # subscription-manager list --avail | grep High -A3 Subscription Name: High-Availability (8 sockets) SKU: RH1149049 Pool ID: 8a99f9833c01cc09013c025321d00130 Quantity: 98 -- Subscription Name: High-Availability (8 sockets) SKU: RH1149049 Pool ID: 8a99f9833c01cc09013c025321df013f Quantity: Unlimited -- Subscription Name: High-Availability (8 sockets) SKU: RH1149049 Pool ID: 8a99f9843c01ccba013c037a0fa0015a Quantity: 98 -- Subscription Name: High-Availability (8 sockets) SKU: RH1149049 Pool ID: 8a99f9843c01ccba013c037a0fd40169 Quantity: Unlimited # subscription-manager subscribe --pool 8a99f9833c01cc09013c025321d00130 Successfully attached a subscription for: High-Availability (8 sockets) # subscription-manager list --installed +-------------------------------------------+ Installed Product Status +-------------------------------------------+ Product Name: Red Hat Enterprise Linux Server Product ID: 69 Version: 6.4 Arch: x86_64 Status: Not Subscribed Status Details: Starts: Ends: # subscription-manager list --consumed +-------------------------------------------+ Consumed Subscriptions +-------------------------------------------+ Subscription Name: High-Availability (8 sockets) Provides: Red Hat Enterprise Linux High Availability (for RHEL Server) SKU: RH1149049 Contract: 10014694 Account: 5206740 Serial Number: 6888499241916196322 Pool ID: 8a99f9833c01cc09013c025321d00130 Active: True Quantity Used: 1 Service Level: Layered Service Type: L1-L3 Status Details: Starts: 01/03/2013 Ends: 01/03/2014 # yum repolist Loaded plugins: product-id, refresh-packagekit, rhnplugin, security, subscription-manager This system is receiving updates from Red Hat Subscription Management. This system is not registered with RHN Classic or RHN Satellite. You can use rhn_register to register. RHN Satellite or RHN Classic support will be disabled. rhel-ha-for-rhel-6-server-rpms | 3.7 kB 00:00 repo id repo name status rhel-ha-for-rhel-6-server-rpms Red Hat Enterprise Linux High Availability (for RHEL 6 Server) (RPMs) 253 repolist: 253 # ls /etc/pki/product 69.pem # yum install ccs -y Loaded plugins: product-id, refresh-packagekit, rhnplugin, security, subscription-manager This system is receiving updates from Red Hat Subscription Management. This system is not registered with RHN Classic or RHN Satellite. You can use rhn_register to register. RHN Satellite or RHN Classic support will be disabled. rhel-ha-for-rhel-6-server-rpms | 3.7 kB 00:00 Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package ccs.x86_64 0:0.16.2-63.el6 will be installed --> Finished Dependency Resolution Dependencies Resolved =================================================================================================================================================================================================================== Package Arch Version Repository Size =================================================================================================================================================================================================================== Installing: ccs x86_64 0.16.2-63.el6 rhel-ha-for-rhel-6-server-rpms 48 k Transaction Summary =================================================================================================================================================================================================================== Install 1 Package(s) Total download size: 48 k Installed size: 285 k Downloading Packages: ccs-0.16.2-63.el6.x86_64.rpm | 48 kB 00:00 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : ccs-0.16.2-63.el6.x86_64 1/1 Verifying : ccs-0.16.2-63.el6.x86_64 1/1 Installed: ccs.x86_64 0:0.16.2-63.el6 Complete! # ls /etc/pki/products 69.pem 83.pem # subscription-manager list --installed +-------------------------------------------+ Installed Product Status +-------------------------------------------+ Product Name: Red Hat Enterprise Linux High Availability (for RHEL Server) Product ID: 83 Version: 6.3 Arch: x86_64 Status: Not Subscribed Status Details: Starts: Ends: Product Name: Red Hat Enterprise Linux Server Product ID: 69 Version: 6.4 Arch: x86_64 Status: Not Subscribed Status Details: Starts: Ends: # subscription-manager list --consumed +-------------------------------------------+ Consumed Subscriptions +-------------------------------------------+ Subscription Name: High-Availability (8 sockets) Provides: Red Hat Enterprise Linux High Availability (for RHEL Server) SKU: RH1149049 Contract: 10014694 Account: 5206740 Serial Number: 6888499241916196322 Pool ID: 8a99f9833c01cc09013c025321d00130 Active: True Quantity Used: 1 Service Level: Layered Service Type: L1-L3 Status Details: Starts: 01/03/2013 Ends: 01/03/2014 # yum remove ccs.x86_64 -y Loaded plugins: product-id, refresh-packagekit, rhnplugin, security, subscription-manager This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register. This system is not registered with RHN Classic or RHN Satellite. You can use rhn_register to register. RHN Satellite or RHN Classic support will be disabled. Setting up Remove Process Resolving Dependencies --> Running transaction check ---> Package ccs.x86_64 0:0.16.2-63.el6 will be erased --> Finished Dependency Resolution Dependencies Resolved =================================================================================================================================================================================================================== Package Arch Version Repository Size =================================================================================================================================================================================================================== Removing: ccs x86_64 0.16.2-63.el6 @rhel-ha-for-rhel-6-server-rpms 285 k Transaction Summary =================================================================================================================================================================================================================== Remove 1 Package(s) Installed size: 285 k Downloading Packages: Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Erasing : ccs-0.16.2-63.el6.x86_64 1/1 Verifying : ccs-0.16.2-63.el6.x86_64 1/1 Removed: ccs.x86_64 0:0.16.2-63.el6 Complete! # ls /etc/pki/product/ 69.pem 83.pem # subscription-manager list --installed +-------------------------------------------+ Installed Product Status +-------------------------------------------+ Product Name: Red Hat Enterprise Linux High Availability (for RHEL Server) Product ID: 83 Version: 6.3 Arch: x86_64 Status: Not Subscribed Status Details: Starts: Ends: Product Name: Red Hat Enterprise Linux Server Product ID: 69 Version: 6.4 Arch: x86_64 Status: Not Subscribed Status Details: Starts: Ends: # subscription-manager list --consumed +-------------------------------------------+ Consumed Subscriptions +-------------------------------------------+ Subscription Name: High-Availability (8 sockets) Provides: Red Hat Enterprise Linux High Availability (for RHEL Server) SKU: RH1149049 Contract: 10014694 Account: 5206740 Serial Number: 625734958310432180 Pool ID: 8a99f9833c01cc09013c025321d00130 Active: True Quantity Used: 1 Service Level: Layered Service Type: L1-L3 Status Details: Starts: 01/03/2013 Ends: 01/03/2014 Actual results: 83.pem is not removed Expected results: 83.pem should be removed Additional info: # rct cat-cert /etc/pki/product/83.pem +-------------------------------------------+ Product Certificate +-------------------------------------------+ Certificate: Path: /etc/pki/product/83.pem Version: 1.0 Serial: 12750047592154745682 Start Date: 2012-01-11 17:27:42+00:00 End Date: 2032-01-06 17:27:42+00:00 Subject: CN: Red Hat Product ID [e8f78640-c54c-49f0-a347-47d32ac4f4ae] Product: ID: 83 Name: Red Hat Enterprise Linux High Availability (for RHEL Server) Version: 6.3 Arch: x86_64 Tags: rhel-6-server-highavailability,rhel-6-highavailability