1011768 – Entitlement cert doesnt contain value for "Brand type" and fail to create branded_name file when the cert version set to 1

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1011768 - Entitlement cert doesnt contain value for "Brand type" and fail to create branded_name file when the cert version set to 1

Summary: Entitlement cert doesnt contain value for "Brand type" and fail to create br...

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	subscription-manager
Sub Component:
Version:	7.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	candlepin-bugs
QA Contact:	John Sefler
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	rhsm-rhel70
TreeView+	depends on / blocked

Reported:	2013-09-25 06:12 UTC by Rehana
Modified:	2013-10-11 14:07 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-10-11 14:07:24 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Rehana 2013-09-25 06:12:12 UTC

Description of problem:
Observed that for the client with cert version less than V3 was not getting Brand type value in the entitlement cert and also the file "branded_name" didnt get created on the client

Version-Release number of selected component (if applicable):
subscription-manager version
server type: Red Hat Subscription Management
subscription management server: 0.8.28-1
subscription-manager: 1.10.2-1.git.20.340ef28.el7
python-rhsm: 1.10.2-1.git.4.3048ab5.el7


How reproducible:
3/3

Steps to Reproduce:
1.Set the "system.certificate_version" to 1 ex: echo '{"system.certificate_version":"1"}' > /etc/rhsm/facts/certversion.facts
2.Do a facts update
3.now auto-attach subscription 
4.[root@localhost pki]# subscription-manager attach --auto
Installed Product Current Status:
Product Name: Awesome OS Server Bits
Status:       Subscribed

[root@localhost pki]# cd entitlement/
[root@localhost entitlement]# rct cc 3617287459656864889.pem |more

+-------------------------------------------+
	Entitlement Certificate
+-------------------------------------------+

Certificate:
	Path: 3617287459656864889.pem
	Version: 1.0
	Serial: 3617287459656864889
	Start Date: 2013-09-25 00:00:00+00:00
	End Date: 2014-09-25 00:00:00+00:00
	Pool ID: Not Available

Subject:
	CN: 8ac6a36241539ee4014153b0f24a152e

Issuer:
	C: US
	CN: 10.70.35.226
	L: Raleigh

Product:
	ID: 37060
	Name: Awesome OS Server Bits
	Version: 6.1
	Arch: ALL
	Tags: 
	Brand Type:   ----->> no value

Order:
	Name: Awesome OS with unlimited virtual guests
	Number: order-8675309
	SKU: awesomeos-virt-unlimited
	Contract: 1
5. Verify the branded_name file
[root@localhost entitlement]# cat /var/lib/rhsm/branded_name 
cat: /var/lib/rhsm/branded_name: No such file or directory


Actual results:
Observed that the entitlement cert did nt had the brand type value, and the branded_name file didnt get created

Expected results:
Should contain the value for brand type and branded_name file should be created regardless of the certificate version

Additional info:
rhsm.log (branding log)
2013-09-25 11:26:47,792 [DEBUG]  @connection.py:460 - Response status: 200
2013-09-25 11:26:47,794 [DEBUG]  @connection.py:420 - Loading CA PEM certificates from: /etc/rhsm/ca/
2013-09-25 11:26:47,795 [DEBUG]  @connection.py:402 - Loading CA certificate: '/etc/rhsm/ca/candlepin-stage.pem'
2013-09-25 11:26:47,795 [DEBUG]  @connection.py:402 - Loading CA certificate: '/etc/rhsm/ca/redhat-uep.pem'
2013-09-25 11:26:47,802 [DEBUG]  @connection.py:402 - Loading CA certificate: '/etc/rhsm/ca/candlepin-ca.pem'
2013-09-25 11:26:47,802 [DEBUG]  @connection.py:441 - Making request: GET /candlepin/consumers/ce06b718-b935-447c-9089-ae5dfb4a0dd7/certificates/serials
2013-09-25 11:26:48,020 [DEBUG]  @connection.py:460 - Response status: 200
2013-09-25 11:26:48,021 [DEBUG]  @connection.py:420 - Loading CA PEM certificates from: /etc/rhsm/ca/
2013-09-25 11:26:48,021 [DEBUG]  @connection.py:402 - Loading CA certificate: '/etc/rhsm/ca/candlepin-stage.pem'
2013-09-25 11:26:48,022 [DEBUG]  @connection.py:402 - Loading CA certificate: '/etc/rhsm/ca/redhat-uep.pem'
2013-09-25 11:26:48,022 [DEBUG]  @connection.py:402 - Loading CA certificate: '/etc/rhsm/ca/candlepin-ca.pem'
2013-09-25 11:26:48,023 [DEBUG]  @connection.py:441 - Making request: GET /candlepin/consumers/ce06b718-b935-447c-9089-ae5dfb4a0dd7/certificates?serials=3617287459656864889
2013-09-25 11:26:48,182 [DEBUG]  @connection.py:460 - Response status: 200
2013-09-25 11:26:48,209 [DEBUG]  @entbranding.py:47 - BrandInstaller ent_certs:  [3617287459656864889L]
2013-09-25 11:26:48,210 [DEBUG]  @certdirectory.py:204 - Installed product IDs: ['37060']
2013-09-25 11:26:48,210 [DEBUG]  @rhelentbranding.py:124 - 0 entitlement certs with brand info found
2013-09-25 11:26:48,210 [INFO]  @certlib.py:244 - certs updated:
Total updates: 1
Found (local) serial# []
Expected (UEP) serial# [3617287459656864889]
Added (new)
  [sn:3617287459656864889 (Awesome OS Server Bits,) @ /etc/pki/entitlement/3617287459656864889.pem]
Deleted (rogue):
  <NONE>
2013-09-25 11:26:48,238 [DEBUG]  @certdirectory.py:204 - Installed product IDs: ['37060']
2013-09-25 11:26:48,238 [DEBUG]  @connection.py:420 - Loading CA PEM certificates from: /etc/rhsm/ca/
2013-09-25 11:26:48,239 [DEBUG]  @connection.py:402 - Loading CA certificate: '/etc/rhsm/ca/candlepin-stage.pem'
2013-09-25 11:26:48,239 [DEBUG]  @connection.py:402 - Loading CA certificate: '/etc/rhsm/ca/redhat-uep.pem'
2013-09-25 11:26:48,239 [DEBUG]  @connection.py:402 - Loading CA certificate: '/etc/rhsm/ca/candlepin-ca.pem'
2013-09-25 11:26:48,240 [DEBUG]  @connection.py:441 - Making request: GET /candlepin/consumers/ce06b718-b935-447c-9089-ae5dfb4a0dd7/compliance
2013-09-25 11:26:48,383 [DEBUG]  @connection.py:460 - Response status: 200

Retested the above scenario with cert version 3.2, observed that the brand type value  was present in the entitlement file, and the branded_name file was created

Comment 1 Bryan Kearney 2013-10-11 14:07:24 UTC

Branding is a cert v3 feature. RHEL7 should only be using certv3. I am fine with this as is.

Note You need to log in before you can comment on or make changes to this bug.