Bug 998831

Summary: The result of 'yum repolist' is not 0 if the system date is invalid in subscriptions' valid time.
Product: Red Hat Enterprise Linux 7
Reporter: qianzhan
Component: subscription-manager
Assignee: Jesus M. Rodriguez <jesusr>
Status: CLOSED WONTFIX
QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: medium
Docs Contact:
Priority: unspecified
Version: 7.0
CC: alikins, bkearney, gxing, jesusr, liliu, sgao
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-02-04 17:09:50 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 863175

Description qianzhan 2013-08-20 07:53:55 UTC
Description of problem:
The result of 'yum repolist' is not 0 if the system date is invalid in subscriptions' valid time.

Version-Release number of selected component (if applicable):
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-certs-tools-1.4.2-2.el6sat.noarch
katello-cli-1.4.3-7.el6sat.noarch
katello-cli-common-1.4.3-7.el6sat.noarch
katello-common-1.4.3-8.el6sam_splice.noarch
katello-configure-1.4.4-2.el6sat.noarch
katello-glue-candlepin-1.4.3-8.el6sam_splice.noarch
katello-glue-elasticsearch-1.4.3-8.el6sam_splice.noarch
katello-headpin-1.4.3-8.el6sam_splice.noarch
katello-headpin-all-1.4.3-8.el6sam_splice.noarch
katello-selinux-1.4.4-2.el6sat.noarch
signo-katello-0.0.20-1.el6sat.noarch
candlepin-0.8.20-1.el6sam.noarch
candlepin-scl-1-5.el6_4.noarch
candlepin-scl-quartz-2.1.5-5.el6_4.noarch
candlepin-scl-rhino-1.7R3-1.el6_4.noarch
candlepin-scl-runtime-1-5.el6_4.noarch
candlepin-selinux-0.8.20-1.el6sam.noarch
candlepin-tomcat6-0.8.20-1.el6sam.noarch
thumbslug-0.0.32-1.el6sam.noarch
thumbslug-selinux-0.0.32-1.el6sam.noarch
subscription-manager-firstboot-1.8.20-1.el5
subscription-manager-gui-1.8.20-1.el5
subscription-manager-1.8.20-1.el5
python-rhsm: 1.8.16-1.el5

How reproducible:
always

Steps to Reproduce:
1. Register and auto-attach
[root@dhcp-65-9 ~]# subscription-manager register --auto-attach
Username: admin
Password: 
The system has been registered with ID: c40e0f12-87af-4267-a066-5ce58abbbc76 
Installed Product Current Status:
Product Name: Red Hat Enterprise Linux Desktop
Status:       Unknown

2. List consumed subscriptions
[root@dhcp-65-9 ~]# subscription-manager list --consumed
+-------------------------------------------+
   Consumed Subscriptions
+-------------------------------------------+
Subscription Name: Red Hat Enterprise Linux Desktop (50 pack), Standard
Provides:          Red Hat Enterprise Linux Desktop
                   Red Hat Beta
SKU:               RH0823221
Contract:          10024928
Account:           5225762
Serial:            5702903663433298241
Pool ID:           8ac28da3408509ee0140851138be00c4
Active:            True
Quantity Used:     1
Service Level:     Standard
Service Type:      L1-L3
Status Details:    
Starts:            07/25/2013
Ends:              07/24/2014

3. yum repolist
[root@dhcp-65-9 ~]# yum repolist
Loaded plugins: product-id, security, subscription-manager
This system is receiving updates from Red Hat Subscription Management.
repo id                                                                             repo name                                                                                                                status
rhel-5-client-rhev-agent-rpms                                                       Red Hat Enterprise Virtualization Agents for RHEL 5 Client (RPMs)                                                            2
rhel-5-desktop-rpms                                                                 Red Hat Enterprise Linux 5 Desktop (RPMs)                                                                                9,463
repolist: 9,465

4. Clean all repo
[root@dhcp-65-9 ~]# yum clean all
Loaded plugins: product-id, security, subscription-manager
This system is receiving updates from Red Hat Subscription Management.
Cleaning up Everything

5. Set the system times of client and SAM server to be invalid 
(1) set the system of client
[root@dhcp-65-9 ~]#  date -s 20300101
Tue Jan  1 00:00:00 EST 2030

(2) set the system of SAM server
[root@samserv tmp]# date -s 20300101
Tue Jan  1 00:00:00 EST 2030

6. Restart rhsmcertd service, and wait 2 minutes
[root@dhcp-65-9 ~]# service rhsmcertd restart
Stopping rhsmcertd...                                      [  OK  ]
Starting rhsmcertd...                                      [  OK  ]

7. yum repolist
[root@dhcp-65-9 ~]# yum repolist
Loaded plugins: product-id, security, subscription-manager
sslv3 alert certificate expired
rhel-5-client-rhev-agent-rpms                                                                                                                                                               | 3.1 kB     00:00     
rhel-5-client-rhev-agent-rpms/primary_db                                                                                                                                                    | 3.0 kB     00:00     
rhel-5-desktop-rpms                                                                                                                                                                         | 3.7 kB     00:00     
rhel-5-desktop-rpms/primary_db                                                                                                                                                              | 5.6 MB     00:10     
repo id                                                                             repo name                                                                                                                status
rhel-5-client-rhev-agent-rpms                                                       Red Hat Enterprise Virtualization Agents for RHEL 5 Client (RPMs)                                                            2
rhel-5-desktop-rpms                                                                 Red Hat Enterprise Linux 5 Desktop (RPMs)                                                                                9,463
repolist: 9,465

8. List consumed subscriptions
[root@dhcp-65-9 ~]# subscription-manager list --consumed
No consumed subscription pools to list

Actual results:
The result of 'yum repolist' is not 0 if the system date is invalid in subscriptions' valid time.

Expected results:
The result of 'yum repolist' should be 0 if the system date is invalid in subscriptions' valid time.

Additional info:
katello-debug info is attached as 'katello-debug info'

Comment 2 Adrian Likins 2013-08-22 14:34:38 UTC
I think thumbslug and yum/subscription-manager plugin behaviour is correct here. The entitlement certs are valid, and do grant access to the content. So not a thumbslug bug.

'subscription-manager list --consumed' is being a little strange here, because it is filtering entitlement certificates based on local client time being outside the range of the certs date range. More precisely, the Certificate.is_valid method from python-rhsm does the local time compare, and some subscription-manager code uses that.

subscription-manager client code uses local time to calculate ent cert validity in a few places. Ideally, those should be changed to only involve the entitlement server's concept of validity. Most of the client checks are leftovers from before server side entitlement status calculation, but some have been left to support disconnected cases.

Ideally, entitlement certificate validity checks would rely on the entitlement server, and only fall back to local time checks for disconnected scenarios, since we do need to support that.

- not a thumbslug bug
- behaviour is correct for correct local time, so not a blocker

I'm going to move this to a subscription-manager bug since we could potentially change code there to handle this unusual case differently.
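
Added example, not part of the comment above and not subscription-manager or python-rhsm code: a sketch of the ordering Comment 2 calls ideal, where the entitlement server's status wins and the local-clock comparison is only the disconnected fallback. The names EntCert, resolve and clock_disagreements, the server_view mapping, and the use of UTC are assumptions made for illustration; the serial and date window are taken from the report.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class EntCert:
    """Hypothetical stand-in for an entitlement certificate's validity window."""
    serial: int
    not_before: datetime
    not_after: datetime

    def valid_on(self, when: datetime) -> bool:
        # Local-clock comparison: the kind of check Comment 2 describes.
        return self.not_before <= when <= self.not_after


def resolve(cert: EntCert, local_now: datetime,
            server_view: Optional[Dict[int, bool]]) -> Tuple[bool, str]:
    """Return (valid, source). server_view is None when disconnected."""
    if server_view is not None and cert.serial in server_view:
        return server_view[cert.serial], "server"
    # Disconnected (or serial unknown to the server): fall back to local time.
    return cert.valid_on(local_now), "local-clock"


def clock_disagreements(certs: List[EntCert], local_now: datetime,
                        server_view: Dict[int, bool]) -> List[int]:
    """Serials where the server's status and the local-clock check differ,
    which usually points at a wrong client clock rather than a bad cert."""
    return [c.serial for c in certs
            if c.serial in server_view
            and server_view[c.serial] != c.valid_on(local_now)]


# Constructed sample: window from the report (Starts 07/25/2013, Ends 07/24/2014).
CERT = EntCert(5702903663433298241,
               datetime(2013, 7, 25, tzinfo=timezone.utc),
               datetime(2014, 7, 24, 23, 59, 59, tzinfo=timezone.utc))
SKEWED_NOW = datetime(2030, 1, 1, tzinfo=timezone.utc)  # client after `date -s 20300101`
SERVER_VIEW = {CERT.serial: True}  # assumption: server still reports it valid

if __name__ == "__main__":
    print(resolve(CERT, SKEWED_NOW, SERVER_VIEW))   # connected
    print(resolve(CERT, SKEWED_NOW, None))          # disconnected fallback
    print(clock_disagreements([CERT], SKEWED_NOW, SERVER_VIEW))
```
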

Comment 4 Jesus M. Rodriguez 2014-02-04 17:09:50 UTC
Moving the client/server times into the future is always problematic. It is better to create entitlements that are short lived and will expire in 5 or 10 minutes and let them expire.